feat(scorecard): add support for GitLab (#266)

README.md

@@ -167,7 +167,7 @@ Since version 0.6.0 of Node-secure the UI include a brand new searchbar that all
 - author (author name/email/url).
 - ext (list of available file extensions in the current payload/tree).
 - builtin (available Node.js core module name).
-- size (see [here](https://github.com/NodeSecure/size-satisfies#usage-example)
+- size (see [here](https://github.com/NodeSecure/size-satisfies#usage-example)).
 
 Exemple of query:
 
@@ -187,7 +187,6 @@ other side will bundle and remove most of the useless files from the tarball (Li
 ### Why some packages don't have OSSF Scorecard ?
 See [Scorecard Public Data](https://github.com/ossf/scorecard#public-data):
 > We run a weekly Scorecard scan of the 1 million most critical open source projects judged by their direct dependencies and publish the results in a BigQuery public dataset.
-> Currently, this list is derived from projects hosted on GitHub ONLY.
 
 ## Contributors guide
 

bin/index.js

@@ -83,6 +83,7 @@ prog
 prog
   .command("scorecard [repository]")
   .describe(i18n.getTokenSync("cli.commands.scorecard.desc"))
+  .option("--vcs", "Version control platform (GitHub, GitLab", "github")
   .action(commands.scorecard.main);
 
 prog

package.json

@@ -1,108 +1,108 @@
-{
-  "name": "@nodesecure/cli",
-  "version": "2.2.1",
-  "description": "Node.js security CLI",
-  "main": "./bin/index.js",
-  "bin": {
-    "node-secure": "./bin/index.js",
-    "nsecure": "./bin/index.js"
-  },
-  "type": "module",
-  "engines": {
-    "node": ">=18"
-  },
-  "scripts": {
-    "eslint": "eslint bin src test",
-    "eslint-fix": "npm run eslint -- --fix",
-    "prepublishOnly": "rimraf ./dist && npm run build && pkg-ok",
-    "build": "node ./esbuild.config.js",
-    "test": "npm run test-only && npm run eslint",
-    "test-only": "node --loader=esmock --no-warnings --test test/",
-    "coverage": "c8 --reporter=lcov npm run test"
-  },
-  "files": [
-    "bin",
-    "dist",
-    "src",
-    "views"
-  ],
-  "workspaces": [
-    "workspaces/documentation-ui",
-    "workspaces/vis-network"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/NodeSecure/cli.git"
-  },
-  "keywords": [
-    "node",
-    "nodejs",
-    "security",
-    "cli",
-    "sast",
-    "scanner",
-    "static",
-    "code",
-    "analysis",
-    "node_modules",
-    "tree",
-    "npm",
-    "registry",
-    "graph",
-    "visualization",
-    "dependencies"
-  ],
-  "author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/NodeSecure/cli/issues"
-  },
-  "homepage": "https://github.com/NodeSecure/cli#readme",
-  "devDependencies": {
-    "@myunisoft/httpie": "^2.0.1",
-    "@nodesecure/eslint-config": "^1.7.1",
-    "@nodesecure/size-satisfies": "^1.1.0",
-    "@nodesecure/vis-network": "^1.4.0",
-    "@types/node": "^20.5.3",
-    "c8": "^8.0.1",
-    "cross-env": "^7.0.3",
-    "esbuild": "^0.19.2",
-    "eslint": "^8.47.0",
-    "esmock": "^2.3.8",
-    "http-server": "^14.1.1",
-    "pkg-ok": "^3.0.0",
-    "pretty-bytes": "^6.1.1",
-    "rimraf": "^5.0.5",
-    "strip-ansi": "^7.1.0"
-  },
-  "dependencies": {
-    "@nodesecure/documentation-ui": "^1.3.0",
-    "@nodesecure/flags": "^2.4.0",
-    "@nodesecure/i18n": "^3.4.0",
-    "@nodesecure/licenses-conformance": "^2.1.0",
-    "@nodesecure/npm-registry-sdk": "^1.6.1",
-    "@nodesecure/ossf-scorecard-sdk": "^2.0.0",
-    "@nodesecure/rc": "^1.5.0",
-    "@nodesecure/scanner": "^5.1.0",
-    "@nodesecure/utils": "^1.1.0",
-    "@nodesecure/vuln": "^1.7.0",
-    "@openally/result": "^1.2.0",
-    "@polka/send-type": "^0.5.2",
-    "@topcli/cliui": "^1.1.0",
-    "@topcli/spinner": "^2.1.2",
-    "cacache": "^18.0.0",
-    "dotenv": "^16.3.1",
-    "filenamify": "^6.0.0",
-    "ini": "^4.1.1",
-    "kleur": "^4.1.5",
-    "ms": "^2.1.3",
-    "open": "^9.1.0",
-    "polka": "^0.5.2",
-    "qoa": "^0.2.0",
-    "sade": "^1.8.1",
-    "semver": "^7.5.4",
-    "server-destroy": "^1.0.1",
-    "sirv": "^2.0.3",
-    "zup": "0.0.1"
-  }
-}
+{
+  "name": "@nodesecure/cli",
+  "version": "2.2.1",
+  "description": "Node.js security CLI",
+  "main": "./bin/index.js",
+  "bin": {
+    "node-secure": "./bin/index.js",
+    "nsecure": "./bin/index.js"
+  },
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "eslint": "eslint bin src test",
+    "eslint-fix": "npm run eslint -- --fix",
+    "prepublishOnly": "rimraf ./dist && npm run build && pkg-ok",
+    "build": "node ./esbuild.config.js",
+    "test": "npm run test-only && npm run eslint",
+    "test-only": "node --loader=esmock --no-warnings --test test/",
+    "coverage": "c8 --reporter=lcov npm run test"
+  },
+  "files": [
+    "bin",
+    "dist",
+    "src",
+    "views"
+  ],
+  "workspaces": [
+    "workspaces/documentation-ui",
+    "workspaces/vis-network"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NodeSecure/cli.git"
+  },
+  "keywords": [
+    "node",
+    "nodejs",
+    "security",
+    "cli",
+    "sast",
+    "scanner",
+    "static",
+    "code",
+    "analysis",
+    "node_modules",
+    "tree",
+    "npm",
+    "registry",
+    "graph",
+    "visualization",
+    "dependencies"
+  ],
+  "author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NodeSecure/cli/issues"
+  },
+  "homepage": "https://github.com/NodeSecure/cli#readme",
+  "devDependencies": {
+    "@myunisoft/httpie": "^2.0.1",
+    "@nodesecure/eslint-config": "^1.7.1",
+    "@nodesecure/size-satisfies": "^1.1.0",
+    "@nodesecure/vis-network": "^1.4.0",
+    "@types/node": "^20.5.3",
+    "c8": "^8.0.1",
+    "cross-env": "^7.0.3",
+    "esbuild": "^0.19.2",
+    "eslint": "^8.47.0",
+    "esmock": "^2.3.8",
+    "http-server": "^14.1.1",
+    "pkg-ok": "^3.0.0",
+    "pretty-bytes": "^6.1.1",
+    "rimraf": "^5.0.5",
+    "strip-ansi": "^7.1.0"
+  },
+  "dependencies": {
+    "@nodesecure/documentation-ui": "^1.3.0",
+    "@nodesecure/flags": "^2.4.0",
+    "@nodesecure/i18n": "^3.4.0",
+    "@nodesecure/licenses-conformance": "^2.1.0",
+    "@nodesecure/npm-registry-sdk": "^1.6.1",
+    "@nodesecure/ossf-scorecard-sdk": "^3.1.0",
+    "@nodesecure/rc": "^1.5.0",
+    "@nodesecure/scanner": "^5.1.0",
+    "@nodesecure/utils": "^1.1.0",
+    "@nodesecure/vuln": "^1.7.0",
+    "@openally/result": "^1.2.0",
+    "@polka/send-type": "^0.5.2",
+    "@topcli/cliui": "^1.1.0",
+    "@topcli/spinner": "^2.1.2",
+    "cacache": "^18.0.0",
+    "dotenv": "^16.3.1",
+    "filenamify": "^6.0.0",
+    "ini": "^4.1.1",
+    "kleur": "^4.1.5",
+    "ms": "^2.1.3",
+    "open": "^9.1.0",
+    "polka": "^0.5.2",
+    "qoa": "^0.2.0",
+    "sade": "^1.8.1",
+    "semver": "^7.5.4",
+    "server-destroy": "^1.0.1",
+    "sirv": "^2.0.3",
+    "zup": "0.0.1"
+  }
+}

public/js/components/home.js

@@ -24,23 +24,24 @@ export class HomeView {
   }
 
   generateScorecard() {
-    const { repository } = this.secureDataSet.linker.get(0);
-    const repoName = utils.getGithubRepositoryPath(
-      utils.parseRepositoryUrl(repository)
-    )
+    const { name } = this.secureDataSet.linker.get(0);
+    const pkg = this.secureDataSet.data.dependencies[name];
+    const repoName = utils.getRepositoryName(pkg);
+    const platform = utils.getRepositoryPlatform(pkg);
+
     if (repoName === null) {
       return;
     }
 
-    fetchScorecardData(repoName).then((data) => {
+    fetchScorecardData(repoName, platform).then((data) => {
       if (data !== null) {
         document
           .querySelector(".home--header--scorecard .score")
           .classList.add(getScoreColor(data.score));
         document.getElementById("home-scorecard-score").innerHTML = data.score;
         const scorescardElement = document.querySelector(".home--header--scorecard");
         scorescardElement.addEventListener("click", () => {
-          window.open(getScorecardLink(repoName), "_blank");
+          window.open(getScorecardLink(repoName, platform), "_blank");
         });
         scorescardElement.style.display = "flex";
       }
@@ -209,7 +210,7 @@ export class HomeView {
     const maxAuthors = 8;
     const hideItems = authors.length > maxAuthors;
 
-    for (let id = 0; id<authors.length; id++) {
+    for (let id = 0; id < authors.length; id++) {
       const [name, data] = authors[id];
       const { count, email, url = null } = data;
 

public/js/components/package/package.js

@@ -11,6 +11,8 @@ export class PackageInfo {
     if (domElement.classList.contains("slide-in")) {
       domElement.setAttribute("class", "slide-out");
     }
+
+    window.dispatchEvent(new CustomEvent("package-info-closed", { detail: null }));
   }
 
   /**

public/js/components/package/pannels/scorecard.js

@@ -18,27 +18,23 @@ export class Scorecard {
    * @param {!HTMLTemplateElement} clone
    */
   generate(clone) {
-    const githubURL = this.package.links.github;
-    if (!githubURL.href) {
-      return this.hide();
-    }
+    const repoName = utils.getRepositoryName(this.package);
 
-    const repoName = utils.getGithubRepositoryPath(githubURL.href);
-    if (repoName === null) {
-      return;
-    }
     const pannel = clone.getElementById("pan-scorecard");
-    fetchScorecardData(repoName).then((data) => {
+    const isGitlab = this.package.links.gitlab || utils.isGitLabHost(this.package.links.homepage?.href);
+    const platform = isGitlab ? "gitlab.com" : "github.com";
+
+    fetchScorecardData(repoName, platform).then((data) => {
       if (!data) {
         return this.hide();
       }
 
-      pannel.appendChild(this.renderScorecard(data, repoName));
+      pannel.appendChild(this.renderScorecard(data, repoName, platform));
       document.getElementById('scorecard-menu').style.display = 'flex';
     });
   }
 
-  renderScorecard(data, repoName) {
+  renderScorecard(data, repoName, platform) {
     const { score, checks } = data;
 
     const container = utils.createDOMElement('div', {
@@ -56,7 +52,7 @@ export class Scorecard {
     document.getElementById('head-score').innerText = score;
     document
       .querySelector(".score-header .visualizer a")
-      .setAttribute('href', getScorecardLink(repoName));
+      .setAttribute('href', getScorecardLink(repoName, platform));
 
     container.childNodes.forEach((check, checkKey) => {
       check.addEventListener('click', () => {