diff --git a/package-lock.json b/package-lock.json index 26a073ba..9cbc2a4b 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -454,6 +454,62 @@ "prettier": "^2.7.1" } }, + "node_modules/@dashlog/fetch-github-repositories": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@dashlog/fetch-github-repositories/-/fetch-github-repositories-3.0.2.tgz", + "integrity": "sha512-q5MRrWJO+EgXCaSZFIGQff29rm4ZFj17qfh80SJzngcdmygpWrra3/h22urZtY/iKXATTBc0c/aQBmAlR2zgtg==", + "license": "MIT", + "dependencies": { + "@myunisoft/httpie": "^1.9.2", + "combine-async-iterators": "^2.0.1", + "http-link-header": "^1.0.3" + } + }, + "node_modules/@dashlog/fetch-github-repositories/node_modules/@myunisoft/httpie": { + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/@myunisoft/httpie/-/httpie-1.11.0.tgz", + "integrity": "sha512-/qTHLPHKgElvfKI2xvkHUSqntGxfj2H6WZM2d0a2Uc95n17WyEKr2QraB3P4r9vJbFDKHfMC3n0ottnelucfRw==", + "license": "MIT", + "dependencies": { + "content-type": "^1.0.5", + "lru-cache": "^8.0.4", + "statuses": "^2.0.1", + "undici": "^5.21.0" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/@dashlog/fetch-github-repositories/node_modules/combine-async-iterators": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/combine-async-iterators/-/combine-async-iterators-2.1.0.tgz", + "integrity": "sha512-Dgz38XQEMQ/AolKftyBFWuxeSdgEyNdURkbJsr47eTc4iQqCWbgAvh8EuXf5W/qyc8ONqZRAGrs17/i0XCzLTQ==", + "license": "MIT", + "engines": { + "node": ">=16" + } + }, + "node_modules/@dashlog/fetch-github-repositories/node_modules/lru-cache": { + "version": "8.0.5", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-8.0.5.tgz", + "integrity": "sha512-MhWWlVnuab1RG5/zMRRcVGXZLCXrZTgfwMikgzCegsPnG62yDQo5JnqKkrK4jO5iKqDAZGItAqN5CtKBCBWRUA==", + "license": "ISC", + "engines": { + "node": ">=16.14" + } + }, + "node_modules/@dashlog/fetch-github-repositories/node_modules/undici": { + "version": "5.29.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz", + "integrity": 
"sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==", + "license": "MIT", + "dependencies": { + "@fastify/busboy": "^2.0.0" + }, + "engines": { + "node": ">=14.0" + } + }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.0", "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.0.tgz", @@ -1086,6 +1142,15 @@ "npm": ">=9.0.0" } }, + "node_modules/@fastify/busboy": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", + "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==", + "license": "MIT", + "engines": { + "node": ">=14" + } + }, "node_modules/@fastify/deepmerge": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/@fastify/deepmerge/-/deepmerge-3.1.0.tgz", @@ -2101,21 +2166,6 @@ "node": ">=16" } }, - "node_modules/@nodesecure/vulnera/node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, "node_modules/@nodesecure/vulnera/node_modules/json-parse-even-better-errors": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-3.0.2.tgz", 
@@ -2350,22 +2400,6 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "node_modules/@nodesecure/vulnera/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "license": "BlueOak-1.0.0", - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/@nodesecure/vulnera/node_modules/postcss-selector-parser": { "version": "6.1.2", "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", @@ -2789,27 +2823,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/@npmcli/map-workspaces/node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, - "node_modules/@npmcli/map-workspaces/node_modules/lru-cache": { - "version": "10.4.3", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", - "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", - "license": "ISC" - }, "node_modules/@npmcli/map-workspaces/node_modules/minipass": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", 
@@ -2819,22 +2832,6 @@ "node": ">=16 || 14 >=14.17" } }, - "node_modules/@npmcli/map-workspaces/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "license": "BlueOak-1.0.0", - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/@npmcli/metavuln-calculator": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-9.0.0.tgz", @@ -2919,21 +2916,6 @@ "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/@npmcli/package-json/node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, "node_modules/@npmcli/package-json/node_modules/lru-cache": { "version": "10.4.3", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", 
@@ -2949,22 +2931,6 @@ "node": ">=16 || 14 >=14.17" } }, - "node_modules/@npmcli/package-json/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "license": "BlueOak-1.0.0", - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/@npmcli/promise-spawn": { "version": "8.0.2", "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-8.0.2.tgz", @@ -3468,11 +3434,6 @@ "node": ">=10" } }, - "node_modules/@pnpm/git-resolver/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/@pnpm/git-utils": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/@pnpm/git-utils/-/git-utils-2.0.0.tgz", @@ -3851,11 +3812,6 @@ "node": ">=10" } }, - "node_modules/@pnpm/lockfile.fs/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/@pnpm/lockfile.merger": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@pnpm/lockfile.merger/-/lockfile.merger-1.0.1.tgz", 
@@ -4190,11 +4146,6 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, - "node_modules/@pnpm/npm-package-arg/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/@pnpm/patching.types": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/@pnpm/patching.types/-/patching.types-1.0.0.tgz", @@ -5607,20 +5558,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/cacache/node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, "node_modules/cacache/node_modules/lru-cache": { "version": "10.4.3", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", @@ -5661,21 +5598,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/cacache/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/cacache/node_modules/ssri": { "version": "12.0.0", "resolved": "https://registry.npmjs.org/ssri/-/ssri-12.0.0.tgz", 
@@ -7157,6 +7079,15 @@ "version": "4.1.1", "license": "BSD-2-Clause" }, + "node_modules/http-link-header": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/http-link-header/-/http-link-header-1.1.3.tgz", + "integrity": "sha512-3cZ0SRL8fb9MUlU3mKM61FcQvPfXx2dBrZW3Vbg5CXa8jFlK8OaEpePenLe1oEXQduhz8b0QjsqfS59QP4AJDQ==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, "node_modules/http-proxy-agent": { "version": "5.0.0", "license": "MIT", @@ -7510,6 +7441,21 @@ "integrity": "sha512-dFTSYzmbfeNE3q/qxwAr/QdKsK6/rp+LTz8SJdTg1+lo9omXFYpDcOKw47/7TevlnC0LorR5pRSf68+yB3N0GA==", "license": "MIT" }, + "node_modules/jackspeak": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", + "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", + "license": "BlueOak-1.0.0", + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" + } + }, "node_modules/jest-diff": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", @@ -8268,10 +8214,6 @@ "node": ">=8" } }, - "node_modules/minipass-flush/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, "node_modules/minipass-pipeline": { "version": "1.2.4", "license": "ISC", @@ -8292,10 +8234,6 @@ "node": ">=8" } }, - "node_modules/minipass-pipeline/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, "node_modules/minipass-sized": { "version": "1.0.3", "license": "ISC", @@ -8316,14 +8254,6 @@ "node": ">=8" } }, - "node_modules/minipass-sized/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, - "node_modules/minipass/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, "node_modules/minizlib": { "version": "2.1.2", "license": "MIT", 
@@ -8345,10 +8275,6 @@ "node": ">=8" } }, - "node_modules/minizlib/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, "node_modules/mkdirp": { "version": "1.0.4", "license": "MIT", @@ -8595,11 +8521,6 @@ "node": ">=10" } }, - "node_modules/normalize-package-data/node_modules/yallist": { - "version": "4.0.0", - "dev": true, - "license": "ISC" - }, "node_modules/normalize-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", @@ -9170,6 +9091,37 @@ "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", "dev": true }, + "node_modules/path-scurry": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", + "license": "BlueOak-1.0.0", + "dependencies": { + "lru-cache": "^10.2.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" + }, + "engines": { + "node": ">=16 || 14 >=14.18" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/path-scurry/node_modules/lru-cache": { + "version": "10.4.3", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", + "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", + "license": "ISC" + }, + "node_modules/path-scurry/node_modules/minipass": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", + "license": "ISC", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, "node_modules/path-type": { "version": "4.0.0", "dev": true, 
@@ -10280,10 +10232,6 @@ "node": ">=8" } }, - "node_modules/tar/node_modules/yallist": { - "version": "4.0.0", - "license": "ISC" - }, "node_modules/term-size": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/term-size/-/term-size-2.2.1.tgz", @@ -10331,27 +10279,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/test-exclude/node_modules/jackspeak": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", - "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", - "dev": true, - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, - "node_modules/test-exclude/node_modules/lru-cache": { - "version": "10.4.3", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", - "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", - "dev": true - }, "node_modules/test-exclude/node_modules/minipass": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", @@ -10361,22 +10288,6 @@ "node": ">=16 || 14 >=14.17" } }, - "node_modules/test-exclude/node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "dev": true, - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/text-decoder": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/text-decoder/-/text-decoder-1.2.3.tgz", 
@@ -11391,6 +11302,12 @@ "node": ">=10" } }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "license": "ISC" + }, "node_modules/yargs": { "version": "17.7.2", "dev": true, @@ -11530,6 +11447,20 @@ "node": ">=20.0.0" } }, + "workspaces/gh-scanner": { + "name": "@nodesecure/gh-scanner", + "version": "0.1.0", + "extraneous": true, + "license": "MIT", + "dependencies": { + "@dashlog/fetch-github-repositories": "^3.0.2", + "pacote": "^15.2.0" + }, + "devDependencies": { + "@types/tape": "^5.0.0", + "tape": "^5.7.2" + } + }, "workspaces/github": { "name": "@nodesecure/github", "version": "2.0.0", @@ -11598,7 +11529,7 @@ }, "workspaces/rc": { "name": "@nodesecure/rc", - "version": "5.0.0", + "version": "5.0.1", "license": "MIT", "dependencies": { "@nodesecure/js-x-ray": "^9.2.0", @@ -11644,9 +11575,10 @@ }, "workspaces/scanner": { "name": "@nodesecure/scanner", - "version": "6.9.0", + "version": "6.10.0", "license": "MIT", "dependencies": { + "@dashlog/fetch-github-repositories": "^3.0.2", "@fastify/deepmerge": "^3.1.0", "@nodesecure/conformance": "^1.1.0", "@nodesecure/contact": "^2.0.0", @@ -11656,9 +11588,9 @@ "@nodesecure/mama": "^1.6.0", "@nodesecure/npm-registry-sdk": "^3.0.0", "@nodesecure/npm-types": "^1.2.0", - "@nodesecure/rc": "^5.0.0", - "@nodesecure/tarball": "^2.0.0", - "@nodesecure/tree-walker": "^1.3.0", + "@nodesecure/rc": "^5.0.1", + "@nodesecure/tarball": "^2.0.1", + "@nodesecure/tree-walker": "^1.3.1", "@nodesecure/utils": "^2.3.0", "@nodesecure/vulnera": "^2.0.1", "@openally/mutex": "^2.0.0", @@ -11679,7 +11611,7 @@ }, "workspaces/tarball": { "name": "@nodesecure/tarball", - "version": "2.0.0", + "version": "2.0.1", "license": "MIT", "dependencies": { "@nodesecure/conformance": "^1.0.0", 
@@ -11696,7 +11628,7 @@ }, "workspaces/tree-walker": { "name": "@nodesecure/tree-walker", - "version": "1.3.0", + "version": "1.3.1", "license": "MIT", "dependencies": { "@nodesecure/js-x-ray": "^9.2.0", diff --git a/workspaces/scanner/package.json b/workspaces/scanner/package.json index 747da870..0a388efd 100644 --- a/workspaces/scanner/package.json +++ b/workspaces/scanner/package.json @@ -48,6 +48,7 @@ }, "homepage": "https://github.com/NodeSecure/tree/master/workspaces/scanner#readme", "dependencies": { + "@dashlog/fetch-github-repositories": "^3.0.2", "@fastify/deepmerge": "^3.1.0", "@nodesecure/conformance": "^1.1.0", "@nodesecure/contact": "^2.0.0", diff --git a/workspaces/scanner/src/github/index.ts b/workspaces/scanner/src/github/index.ts new file mode 100644 index 00000000..c07e4762 --- /dev/null +++ b/workspaces/scanner/src/github/index.ts 
@@ -0,0 +1,51 @@
+// Import Third-party Dependencies
+import { fetchLazy } from "@dashlog/fetch-github-repositories";
+import pacote from "pacote";
+
+export interface GitHubRepository {
+ name: string;
+ url: string;
+ dependencies: Record;
+ devDependencies: Record;
+ optionalDependencies: Record;
+ peerDependencies: Record;
+}
+
+export interface ScanOrganizationOptions {
+ orgName: string;
+ githubToken?: string;
+ onProgress?: (repo: { name: string; url: string; }) => void;
+}
+
+export async function scanOrganization(options: ScanOrganizationOptions): Promise {
+ const { orgName, githubToken, onProgress } = options;
+
+ const results: GitHubRepository[] = [];
+ const lazyRepos = fetchLazy(orgName, {
+ kind: "orgs",
+ token: githubToken
+ });
+
+ for await (const repo of lazyRepos) {
+ onProgress?.({ name: repo.name, url: repo.html_url });
+ try {
+ const manifest = await pacote.manifest(`${orgName}/${repo.name}`, {
+ token: githubToken
+ });
+
+ results.push({
+ name: repo.name,
+ url: repo.html_url,
+ dependencies: manifest.dependencies || {},
+ devDependencies: manifest.devDependencies || {},
+ optionalDependencies: manifest.optionalDependencies || {},
+ peerDependencies: manifest.peerDependencies || {}
+ });
+ }
+ catch (_error) {
+ // Ignore repositories without a package.json
+ }
+ }
+
+ return results;
+}
diff --git a/workspaces/scanner/src/index.ts b/workspaces/scanner/src/index.ts
index 810c3931..30dbbda0 100644
--- a/workspaces/scanner/src/index.ts
+++ b/workspaces/scanner/src/index.ts
@@ -106,3 +106,5 @@ export { Logger, ScannerLoggerEvents };
+
+export * from "./github/index.js";
diff --git a/workspaces/scanner/test/github/index.spec.ts b/workspaces/scanner/test/github/index.spec.ts
new file mode 100644
index 00000000..5e231b91
--- /dev/null
+++ b/workspaces/scanner/test/github/index.spec.ts
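Review bot: The `catch (_error)` around `pacote.manifest` in `scanOrganization` (workspaces/scanner/src/github/index.ts) discards every failure, not only the missing package.json its comment mentions; an expired token, a rate-limit response or a network error removes the repository from `results` without a trace, so a partial organization scan looks the same as a complete one. For output that feeds a security review that gap should be visible: either rethrow anything that is not the missing-manifest case, or report the skip, for example by adding an optional `onError?: (repo: { name: string; url: string; }, error: unknown) => void;` to `ScanOrganizationOptions` and calling `onError?.({ name: repo.name, url: repo.html_url }, error);` in the catch. It is also worth confirming that pacote actually uses the `token` option for an `owner/repo` GitHub spec; if it does not, private repositories would fail at this call and be skipped silently by the same catch.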
@@ -0,0 +1,46 @@
+// Import Node.js Dependencies
+import { test, describe } from "node:test";
+import assert from "node:assert";
+
+// Import Internal Dependencies
+import { scanOrganization } from "../../src/github/index.js";
+
+const githubToken = process.env.GITHUB_TOKEN;
+
+const kSkipTest = !githubToken;
+const kTestOptions = {
+ skip: kSkipTest ? "Skipping test because GITHUB_TOKEN is not set" : false
+};
+
+describe("scanOrganization", () => {
+ test("should retrieve repositories and their dependencies", kTestOptions, async() => {
+ const results = await scanOrganization({
+ orgName: "NodeSecure",
+ githubToken,
+ onProgress: (repo) => {
+ console.log(`- scanning repository: ${repo.name}`);
+ }
+ });
+
+ assert.ok(Array.isArray(results), "should return an array");
+ assert.ok(results.length > 0, "should return at least one repository");
+
+ const repo = results[0];
+ assert.ok(repo.name, "should have name");
+ assert.ok(repo.url, "should have url");
+ assert.ok(typeof repo.dependencies === "object", "should have dependencies object");
+ assert.ok(typeof repo.devDependencies === "object", "should have devDependencies object");
+ assert.ok(typeof repo.optionalDependencies === "object", "should have optionalDependencies object");
+ assert.ok(typeof repo.peerDependencies === "object", "should have peerDependencies object");
+ });
+
+ test("should handle invalid organization gracefully", kTestOptions, async() => {
+ await assert.rejects(
+ async() => await scanOrganization({
+ orgName: "ThisOrganizationShouldNotExist" + Date.now(),
+ githubToken
+ }),
+ "should throw for invalid organization"
+ );
+ });
+});
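Review bot: Both tests in this file need a live GitHub call and a `GITHUB_TOKEN`, so wherever the secret is absent `scanOrganization` has no coverage at all, and where it is present the result depends on the current state of the NodeSecure organization. The behaviour that matters most, a repository without a package.json being skipped and absent dependency fields mapping to `{}`, is never exercised deterministically; stubbing the repository iterator and `pacote.manifest` would cover it offline and without handing a real token to the test run. In the second test, `assert.rejects(fn, "should throw for invalid organization")` treats the string as the failure message only, so any rejection passes, including a network error or a rejected token; pass an error validator as the second argument and keep the string as the third.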