snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.6.4 to 1.6.5

lib/nuspec-parser.js

@@ -1,8 +0,8 @@
-var zip = require('zip');
+var JSZip = require('jszip');
 var fs = require('fs');
 var path = require('path');
-var safeBufferRead = require('./safe-buffer-read');
 var parseXML = require('xml2js').parseString;
 var Dependency = require('./dependency');
 var _ = require('lodash');
+var debug = require('debug')('snyk');
 
@@ -12,65 +12,70 @@ const targetFrameworkRegex = /([.a-zA-Z]+)([.0-9]+)/;
 function parseNuspec(dep, targetFrameworks, sep) {
-  return new Promise(function (resolve, reject) {
-    var pathSep = sep || '.';
-    var nuspecPath = path.resolve(
-      dep.path,
-      dep.name + pathSep + dep.version + '.nupkg');
-    var rawZipped;
+  return Promise.resolve()
+    .then(function () {
+      var pathSep = sep || '.';
+      var nupkgPath =
+        path.resolve(dep.path, dep.name + pathSep + dep.version + '.nupkg');
+      var nupkgData = fs.readFileSync(nupkgPath);
+      return JSZip.loadAsync(nupkgData);
+    })
+    .then(function (nuspecZipData) {
+      var nuspecFile = Object.keys(nuspecZipData.files).find(function (file) {
+        return (path.extname(file) === '.nuspec');
+      });
+      return nuspecZipData.files[nuspecFile].async('string');
+    })
+    .then(function (nuspecContent) {
+      return new Promise(function (resolve, reject) {
+        parseXML(nuspecContent, function (err, result) {
+          if (err) {
+            return reject(err);
+          }
 
-    try {
-      rawZipped = fs.readFileSync(nuspecPath);
-    } catch (err) {
-      return resolve(null);
-    }
-    var reader = zip.Reader(rawZipped);
-    var nuspecContent = null;
-    reader.forEach(function (entry) {
-      if (path.extname(entry._header.file_name) === '.nuspec') { // jscs:ignore
-        nuspecContent = safeBufferRead(entry.getData());
-      }
-    });
-    parseXML(nuspecContent, function (err, result) {
-      if (err) {
-        return reject(err);
-      }
+          var ownDeps = [];
+          // We are only going to check the first targetFramework we encounter
+          // in the future we may want to support multiple, but only once
+          // we have dependency version conflict resolution implemented
+          // _(targetFrameworks).forEach(function (targetFramework) {
+          _(result.package.metadata).forEach(function (metadata) {
+            _(metadata.dependencies).forEach(function (rawDependency) {
 
-      var ownDeps = [];
-      // We are only going to check the first targetFramework we encounter
-      // in the future we may want to support multiple, but only once
-      // we have dependency version conflict resolution implemented
-      // _(targetFrameworks).forEach(function (targetFramework) {
-      _(result.package.metadata).forEach(function (metadata) {
-        _(metadata.dependencies).forEach(function (rawDependency) {
+              // Find and add target framework version specific dependencies
+              const depsForTargetFramework =
+              extractDepsForTargetFrameworks(rawDependency, targetFrameworks);
 
-          // Find and add target framework version specific dependencies
-          const depsForTargetFramework =
-            extractDepsForTargetFrameworks(rawDependency, targetFrameworks);
+              if (depsForTargetFramework && depsForTargetFramework.group) {
+                ownDeps = _.concat(ownDeps,
+                  extractDepsFromRaw(depsForTargetFramework.group.dependency));
+              }
 
-          if (depsForTargetFramework && depsForTargetFramework.group) {
-            ownDeps = _.concat(ownDeps,
-              extractDepsFromRaw(depsForTargetFramework.group.dependency));
-          }
+              // Find all groups with no targetFramework attribute
+              // add their deps
+              const depsFromPlainGroups =
+                extractDepsForPlainGroups(rawDependency);
 
-          // Find all groups with no targetFramework attribute, add their deps
-          const depsFromPlainGroups = extractDepsForPlainGroups(rawDependency);
+              if (depsFromPlainGroups) {
+                depsFromPlainGroups.forEach(function (depGroup) {
+                  ownDeps = _.concat(ownDeps,
+                    extractDepsFromRaw(depGroup.dependency));
+                });
+              }
 
-          if (depsFromPlainGroups) {
-            depsFromPlainGroups.forEach(function (depGroup) {
-              ownDeps = _.concat(ownDeps,
-                extractDepsFromRaw(depGroup.dependency));
+              // Add the default dependencies
+              ownDeps =
+              _.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency));
             });
-          }
+          });
 
-          // Add the default dependencies
-          ownDeps =
-            _.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency));
+          return resolve({
+            name: dep.name,
+            children: ownDeps,
+          });
         });
       });
-
-      return resolve({
-        name: dep.name,
-        children: ownDeps,
-      });
+    })
+    .catch(function (err) {
+      // parsing problems are coerced into an empty nuspec
+      debug('Error parsing dependency', JSON.stringify(dep), err);
+      return null;
     });
-  });
 }
@@ -77,0 +82,0 @@

package.json

@@ -7,7 +7,4 @@ {
     "lint": "eslint -c .eslintrc lib test",
-    "test": "npm run unit-test",
-    "test-windows": "tap -R spec test/*.test.js --timeout=120",
-    "unit-test": "tap `ls ./test/*.test.js` -R=spec --timeout=120",
-    "dev": "nodemon -x 'npm run unit-test'",
-    "semantic-release": "semantic-release"
+    "test": "npm run lint && tap test/*.test.js -R=spec --timeout=120",
+    "dev": "nodemon -x 'npm run test'"
   },
@@ -30,5 +27,5 @@ "repository": {
     "debug": "^3.1.0",
-    "xml2js": "^0.4.17",
-    "zip": "^1.2.0",
-    "lodash": "^4.17.10"
+    "jszip": "^3.1.5",
+    "lodash": "^4.17.10",
+    "xml2js": "^0.4.17"
   },
@@ -38,7 +35,6 @@ "devDependencies": {
     "nodemon": "^1.12.1",
-    "semantic-release": "^15",
     "tap": "^12.0.1",
     "tap-only": "0.0.5"
   },
-  "version": "1.6.4"
+  "version": "1.6.5"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

4

decreased by-20%

Worsened metrics

Total package byte prevSize

32125

decreased by-0.15%

Number of package files

14

decreased by-6.67%

Lines of code

644

decreased by-0.92%

Dependency changes

• + Addedjszip@^3.1.5

• + Addedcore-util-is@1.0.3(transitive)

• + Addedimmediate@3.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedjszip@3.10.1(transitive)

• + Addedlie@3.3.0(transitive)

• + Addedpako@1.0.11(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedreadable-stream@2.3.8(transitive)

• + Addedsafe-buffer@5.1.2(transitive)

• + Addedsetimmediate@1.0.5(transitive)

• + Addedstring_decoder@1.1.1(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• - Removedzip@^1.2.0

• - Removedbase64-js@0.0.2(transitive)

• - Removedbops@0.1.1(transitive)

• - Removedto-utf8@0.0.1(transitive)

• - Removedzip@1.2.0(transitive)