
snyk-nuget-plugin


snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.21.0 to 1.21.1

16

dist/index.js

@@ -36,5 +36,7 @@ "use strict";

}
const createPackageTree = (depTree) => {
const createPackageTree = depTree => {
// TODO implement for paket and more than one framework
const targetFramework = depTree.meta ? depTree.meta.targetFramework : undefined;
const targetFramework = depTree.meta
? depTree.meta.targetFramework
: undefined;
delete depTree.meta;

@@ -51,8 +53,12 @@ return {

if (manifestType === 'paket') {
return paketParser.buildDepTreeFromFiles(root, targetFile, path.join(path.dirname(targetFile), 'paket.lock'), options['include-dev'] || options.dev, // TODO: remove include-dev when no longer used.
options.strict).then(createPackageTree);
return paketParser
.buildDepTreeFromFiles(root, targetFile, path.join(path.dirname(targetFile), 'paket.lock'), options['include-dev'] || options.dev, // TODO: remove include-dev when no longer used.
options.strict)
.then(createPackageTree);
}
return nugetParser.buildDepTreeFromFiles(root, targetFile, options.packagesFolder, manifestType, options['assets-project-name'], options['project-name-prefix']).then(createPackageTree);
return nugetParser
.buildDepTreeFromFiles(root, targetFile, options.packagesFolder, manifestType, options['assets-project-name'], options['project-name-prefix'])
.then(createPackageTree);
}
exports.inspect = inspect;
//# sourceMappingURL=index.js.map

@@ -15,27 +15,33 @@ "use strict";

const csprojPath = findFile(rootDir, /.*\.csproj$/);
if (csprojPath) {
debug('Checking .net framework version in .csproj file ' + csprojPath);
const csprojContents = fs.readFileSync(csprojPath);
let frameworks = [];
parseXML.parseString(csprojContents, (err, parsedCsprojContents) => {
var _a, _b, _c, _d, _e;
if (err) {
reject(new errors_1.FileNotProcessableError(err));
}
const versionLoc = (_b = (_a = parsedCsprojContents === null || parsedCsprojContents === void 0 ? void 0 : parsedCsprojContents.Project) === null || _a === void 0 ? void 0 : _a.PropertyGroup) === null || _b === void 0 ? void 0 : _b[0];
const versions = [].concat((((_c = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworkVersion) === null || _c === void 0 ? void 0 : _c[0]) || ((_d = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFramework) === null || _d === void 0 ? void 0 : _d[0]) || ((_e = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworks) === null || _e === void 0 ? void 0 : _e[0]) || '').split(';')).filter(Boolean);
if (versions.length < 1) {
debug('Could not find TargetFrameworkVersion/TargetFramework' +
'/TargetFrameworks defined in the Project.PropertyGroup field of ' +
'your .csproj file');
}
frameworks = versions.map(framework_1.toReadableFramework).filter(Boolean);
if (versions.length > 1 && frameworks.length < 1) {
debug('Could not find valid/supported .NET version in csproj file located at' + csprojPath);
}
resolve(frameworks[0]);
});
if (!csprojPath) {
debug('.csproj file not found in ' + rootDir + '.');
resolve(undefined);
return;
}
debug('.csproj file not found in ' + rootDir + '.');
resolve();
debug('Checking .net framework version in .csproj file ' + csprojPath);
const csprojContents = fs.readFileSync(csprojPath);
let frameworks = [];
parseXML.parseString(csprojContents, (err, parsedCsprojContents) => {
var _a, _b, _c, _d, _e;
if (err) {
reject(new errors_1.FileNotProcessableError(err));
return;
}
const versionLoc = (_b = (_a = parsedCsprojContents === null || parsedCsprojContents === void 0 ? void 0 : parsedCsprojContents.Project) === null || _a === void 0 ? void 0 : _a.PropertyGroup) === null || _b === void 0 ? void 0 : _b[0];
const versions = []
.concat((((_c = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworkVersion) === null || _c === void 0 ? void 0 : _c[0]) || ((_d = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFramework) === null || _d === void 0 ? void 0 : _d[0]) || ((_e = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworks) === null || _e === void 0 ? void 0 : _e[0]) ||
'').split(';'))
.filter(Boolean);
if (versions.length < 1) {
debug('Could not find TargetFrameworkVersion/TargetFramework' +
'/TargetFrameworks defined in the Project.PropertyGroup field of ' +
'your .csproj file');
}
frameworks = versions.map(framework_1.toReadableFramework).filter(Boolean);
if (versions.length > 1 && frameworks.length < 1) {
debug('Could not find valid/supported .NET version in csproj file located at' +
csprojPath);
}
resolve(frameworks[0]);
});
});

@@ -42,0 +48,0 @@ }
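Review bot: The unsupported-framework warning in the `parseString` callback is guarded by `versions.length > 1 && frameworks.length < 1`, so a .csproj that declares exactly one framework which `toReadableFramework` rejects logs nothing and falls through to `resolve(frameworks[0])` with `undefined`. The guard probably should read `if (versions.length > 0 && frameworks.length < 1) {`. The message also runs into the path, so the literal should end with a space, as in `'... csproj file located at ' + csprojPath`. For a dependency scanner, a silently missing target framework may leave framework-specific dependencies out of the reported tree; that effect is inferred, since the consumer of the resolved value is not shown here. The enclosing function starts before this hunk.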

@@ -16,4 +16,3 @@ "use strict";

function extractFromDotVersionNotation(expression) {
const versionRef = /(?=\S+)(?=\.{1})((\.\d+)+((-?\w+\.?\d*)|(\+?[0-9a-f]{5,40}))?)/
.exec(expression)[0];
const versionRef = /(?=\S+)(?=\.{1})((\.\d+)+((-?\w+\.?\d*)|(\+?[0-9a-f]{5,40}))?)/.exec(expression)[0];
const name = expression.split(versionRef)[0];

@@ -37,4 +36,6 @@ return {

debug('Extracting by packages.config entry:' +
' name = ' + manifest.$.id +
' version = ' + manifest.$.version);
' name = ' +
manifest.$.id +
' version = ' +
manifest.$.version);
return {

@@ -41,0 +42,0 @@ dependencies: {},

@@ -21,3 +21,3 @@ "use strict";

const pickedObj = {};
Object.keys(obj).forEach((k) => {
Object.keys(obj).forEach(k => {
if (keys.includes(k)) {

@@ -36,3 +36,3 @@ pickedObj[k] = obj[k];

const names = Object.keys(targetObj);
return names.map((name) => {
return names.map(name => {
name = convertFromPathSyntax(name);

@@ -60,3 +60,3 @@ return name;

function isScanned(nodes, pkg) {
const node = nodes.find((elem) => elem.name === pkg.name && elem.version === pkg.version);
const node = nodes.find(elem => elem.name === pkg.name && elem.version === pkg.version);
return !!node;

@@ -86,3 +86,3 @@ }

version: currentDepVersion,
dependencies: targetDeps[currentDep].dependencies
dependencies: targetDeps[currentDep].dependencies,
};

@@ -116,3 +116,3 @@ }

version: '0.0.0',
dependencies: freqSysDeps
dependencies: freqSysDeps,
};

@@ -147,3 +147,4 @@ }

}
if (!manifest.project.frameworks || Object.keys(manifest.project.frameworks).length === 0) {
if (!manifest.project.frameworks ||
Object.keys(manifest.project.frameworks).length === 0) {
throw new errors_1.InvalidManifestError('0 frameworks were found in project.assets.json');

@@ -168,3 +169,4 @@ }

// Fix for https://github.com/snyk/snyk-nuget-plugin/issues/75
if (!tree.meta.targetFramework || manifest.project.frameworks[tree.meta.targetFramework] === undefined) {
if (!tree.meta.targetFramework ||
manifest.project.frameworks[tree.meta.targetFramework] === undefined) {
tree.meta.targetFramework = getFrameworkToRun(manifest);

@@ -176,3 +178,5 @@ }

initFreqDepsDict();
const directDependencies = selectedFrameworkObj.dependencies ? collectFlatList(selectedFrameworkObj.dependencies) : [];
const directDependencies = selectedFrameworkObj.dependencies
? collectFlatList(selectedFrameworkObj.dependencies)
: [];
debug(`directDependencies: '${directDependencies}'`);

@@ -179,0 +183,0 @@ tree.dependencies = buildBfsTree(selectedTargetObj, directDependencies);

@@ -11,4 +11,4 @@ "use strict";

function injectPath(dep, packagesFolder) {
dep.path = dep.localPath ?
path.resolve(packagesFolder, dep.localPath)
dep.path = dep.localPath
? path.resolve(packagesFolder, dep.localPath)
: path.resolve(packagesFolder, dep.name + '.' + dep.version);

@@ -22,3 +22,3 @@ if (dep.localPath) {

debug('Located ' + installedPackages.length + ' packages in manifest');
installedPackages.forEach((entry) => {
installedPackages.forEach(entry => {
injectPath(entry, packagesFolder);

@@ -33,3 +33,3 @@ flattenedPackageList[entry.name] =

fs.readdirSync(packagesFolder)
.map((folderName) => {
.map(folderName => {
try {

@@ -43,3 +43,3 @@ return dependency_1.fromFolderName(folderName);

})
.forEach((dep) => {
.forEach(dep => {
if (dep) {

@@ -51,6 +51,9 @@ injectPath(dep, packagesFolder);

// prefer found from packages folder (dep) over existing
debug('For package ' + dep.name + ' the version ' +
debug('For package ' +
dep.name +
' the version ' +
flattenedPackageList[dep.name].version +
' was extracted from manifest file.' +
'\nWe are overwriting it with version ' + dep.version +
'\nWe are overwriting it with version ' +
dep.version +
' from the packages folder');

@@ -81,3 +84,3 @@ flattenedPackageList[dep.name] = dep;

const nuspecResolutions = {};
nuspecResolutionChain.forEach((resolution) => {
nuspecResolutionChain.forEach(resolution => {
if (!resolution) {

@@ -107,3 +110,4 @@ return;

const transitiveChildren = (nuspecResolutions[transitiveDependency.name] &&
nuspecResolutions[transitiveDependency.name].children) || [];
nuspecResolutions[transitiveDependency.name].children) ||
[];
buildTree(transitiveDependency, transitiveChildren, flattenedPackageList, nuspecResolutions);

@@ -124,5 +128,4 @@ node.dependencies[transitiveDependency.name] = transitiveDependency;

const nugetKeys = Object.keys(nuspecResolutions);
Object.keys(flattenedPackageList).forEach((packageName) => {
tree.dependencies[packageName] =
dependency_1.cloneShallow(flattenedPackageList[packageName]);
Object.keys(flattenedPackageList).forEach(packageName => {
tree.dependencies[packageName] = dependency_1.cloneShallow(flattenedPackageList[packageName]);
});

@@ -129,0 +132,0 @@ if (nugetKeys.length > 0) {

@@ -37,3 +37,3 @@ "use strict";

function getRootName(root, projectRootFolder, projectNamePrefix) {
const defaultRootName = path.basename(root || projectRootFolder || "");
const defaultRootName = path.basename(root || projectRootFolder || '');
if (projectNamePrefix) {

@@ -98,3 +98,4 @@ return projectNamePrefix + defaultRootName;

else {
debug("project.assets.json file doesn't contain a value for 'projectName'. Using default value: " + tree.name);
debug("project.assets.json file doesn't contain a value for 'projectName'. Using default value: " +
tree.name);
}

@@ -101,0 +102,0 @@ }

@@ -18,9 +18,9 @@ "use strict";

})
.then((nuspecZipData) => {
const nuspecFiles = Object.keys(nuspecZipData.files).filter((file) => {
return (path.extname(file) === '.nuspec');
.then(nuspecZipData => {
const nuspecFiles = Object.keys(nuspecZipData.files).filter(file => {
return path.extname(file) === '.nuspec';
});
return nuspecZipData.files[nuspecFiles[0]].async('text');
})
.then((nuspecContent) => {
.then(nuspecContent => {
return new Promise((resolve, reject) => {

@@ -35,4 +35,4 @@ parseXML.parseString(nuspecContent, (err, result) => {

// we have dependency version conflict resolution implemented
result.package.metadata.forEach((metadata) => {
metadata.dependencies.forEach((rawDependency) => {
result.package.metadata.forEach(metadata => {
metadata.dependencies.forEach(rawDependency => {
// Find and add target framework version specific dependencies

@@ -47,3 +47,3 @@ const depsForTargetFramework = extractDepsForTargetFramework(rawDependency, targetFramework);

if (depsFromPlainGroups) {
depsFromPlainGroups.forEach((depGroup) => {
depsFromPlainGroups.forEach(depGroup => {
ownDeps = ownDeps.concat(extractDepsFromRaw(depGroup.dependency));

@@ -63,3 +63,3 @@ });

})
.catch((err) => {
.catch(err => {
// parsing problems are coerced into an empty nuspec

@@ -75,4 +75,3 @@ debug('Error parsing dependency', JSON.stringify(dep), err);

}
return rawDependency.group
.filter((group) => {
return rawDependency.group.filter(group => {
// valid group with no attributes or no `targetFramework` attribute

@@ -86,8 +85,9 @@ return group && !(group.$ && group.$.targetFramework);

}
return rawDependency.group.filter((group) => {
return rawDependency.group
.filter(group => {
var _a;
return ((_a = group === null || group === void 0 ? void 0 : group.$) === null || _a === void 0 ? void 0 : _a.targetFramework) &&
targetFrameworkRegex.test(group.$.targetFramework);
return (((_a = group === null || group === void 0 ? void 0 : group.$) === null || _a === void 0 ? void 0 : _a.targetFramework) &&
targetFrameworkRegex.test(group.$.targetFramework));
})
.map((group) => {
.map(group => {
const parts = group.$.targetFramework.split(targetFrameworkRegex);

@@ -106,6 +106,5 @@ return {

})
// .orderBy(['framework', 'version'], ['asc', 'desc'])
.find((group) => {
return targetFramework.framework === group.framework &&
targetFramework.version >= group.version;
.find(group => {
return (targetFramework.framework === group.framework &&
targetFramework.version >= group.version);
});

@@ -118,3 +117,3 @@ }

const deps = [];
rawDependencies.forEach((dep) => {
rawDependencies.forEach(dep => {
if (dep && dep.$) {

@@ -121,0 +120,0 @@ deps.push({

@@ -42,3 +42,3 @@ "use strict";

const pData = rawContent.project;
const name = (pData.restore && pData.restore.projectName);
const name = pData.restore && pData.restore.projectName;
result.project = {

@@ -45,0 +45,0 @@ version: pData.version || '0.0.0',

@@ -6,5 +6,6 @@ {

"scripts": {
"test": "npm run eslint && npm run unit-test",
"test": "npm run lint && npm run unit-test",
"unit-test": "tap --no-coverage test/*.test.ts --timeout=300",
"eslint": "eslint -c .eslintrc.js lib/**/*",
"lint": "prettier --check \"./lib/**/*.ts\" && eslint -c .eslintrc.js \"./lib/**/*\"",
"lint:fix": "prettier --write \"./lib/**/*.ts\" && eslint -c .eslintrc.js --fix \"./lib/**/*\"",
"build": "tsc",

@@ -45,10 +46,12 @@ "build-watch": "tsc -w",

"devDependencies": {
"@types/node": "^8.10.60",
"@typescript-eslint/eslint-plugin": "^2.31.0",
"@typescript-eslint/parser": "^2.31.0",
"@types/node": "^8.10.60",
"eslint": "^6.8.0",
"eslint-config-prettier": "^6.15.0",
"prettier": "^1.19.1",
"tap": "^14.10.7",
"eslint": "^6.8.0",
"typescript": "^3.8.3"
},
"version": "1.21.0"
"version": "1.21.1"
}
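Review bot: The `eslint` script is dropped in favour of `lint`, so anything outside this file that still runs `npm run eslint` (CI configuration, contributor docs) would start failing. None of that is visible here, so either confirm no caller remains or keep an alias such as `"eslint": "npm run lint"`. The new `prettier`, `eslint-config-prettier` and reordered `eslint` entries use caret ranges. Formatting tools run before the build, and the formatting-only changes to the compiled files in this release appear to come from that. A committed lockfile with `npm ci` in the release job would keep the published `dist` output reproducible and easier to audit between versions.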

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
