Components Highlighting (maintainers, packages and infrastructure) #733

@fraxken

Context

@nodesecure/scanner supports highlighting of different tree components such as:

  • packages
  • maintainers/contacts
  • infrastructure identifiers (URLs, IPs, etc.)

More information here.

The scanner accepts a highlight option and populates a highlighted field in the returned payload:

// Options passed to scanner
highlight?: {
  contacts?: Contact[];
  packages?: string[] | Record<string, string[] | SemverRange>;
  identifiers?: string[];
};

// Populated in returned Payload
highlighted: {
  contacts: IlluminatedContact[];
  packages: string[];
  identifiers: Identifier[];
};

There are two topics to address:

  1. CLI flags — expose packages and identifiers highlight options to the user via CLI arguments
  2. Front-end integration — implement a new highlight page/view that surfaces everything that is highlighted in the payload

Current State

What already works

  • --contacts / -c flag is parsed in bin/index.js and passed to the scanner as highlight.contacts in src/commands/scanner.js (all three commands: cwd, from, auto)
  • Contact parsing is handled by src/commands/parsers/contacts.js
  • NodeSecureDataSet (in workspaces/vis-network/src/dataset.ts) reads payload.highlighted.contacts and exposes isHighlighted(contact) for UI consumption
  • The maintainers panel (public/components/views/home/maintainers/maintainers.js) uses isHighlighted() to apply a visual class and sort highlighted contacts to the top
  • NodeSecureNetwork (workspaces/vis-network/src/network.ts) has highlightMultipleNodes(nodeIds) available

What is missing

| Area | Gap |
| --- | --- |
| CLI | No --packages flag; highlight.packages is never passed to the scanner |
| CLI | No --identifiers flag; highlight.identifiers is never passed to the scanner |
| UI | Highlighted packages are not visually distinguished in the network graph or any panel |
| UI | Highlighted identifiers are not surfaced anywhere in the UI |
| UI | No dedicated "highlight summary" page/view exists |

CLI

  • maintainers / contacts (already supported via --contacts / -c)
  • packages
  • identifiers (infrastructure)

--packages flag

Add an option (e.g. --packages or -p) to defaultScannerCommand() in bin/index.js that accepts a comma-separated list of package names (optionally with semver ranges).

The parsed value must be forwarded as highlight.packages in all three scanner commands (cwd, from, auto) inside src/commands/scanner.js, following the same pattern already used for contacts.

A parser similar to src/commands/parsers/contacts.js may be needed for packages.

The scanner type allows two shapes:

packages: string[]
// or
packages: Record<string, string[] | SemverRange>

Start with the simpler string[] form (package names / package@version strings).

--identifiers flag

Add an option (e.g. --identifiers or -i) that accepts a comma-separated list of identifier strings (URLs, IPs, encoded strings, etc.) and forwards them as highlight.identifiers.

UI

Implement a new highlight panel/view that shows everything that is highlighted in the returned payload.

Highlight summary view

Add a new view (similar in structure to existing views under public/components/views/) that aggregates all highlighted items from the payload and presents them in one place:

  • Highlighted contacts — names/emails, number of packages they maintain
  • Highlighted packages — package name, version, direct/transitive flag
  • Highlighted identifiers — identifier string, which package(s) it appears in

The view should be reachable from the command palette or a dedicated nav entry.

Empty state

If the payload contains no highlighted items at all (contacts, packages, and identifiers are all empty arrays), the view should display an informative empty state rather than a blank panel.
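
One way the comma-separated `--packages` value described above could be parsed into the simpler `string[]` form, as an added example that is not part of the issue or of NodeSecure's code. `parsePackages`, `splitSpec`, the simplified name rule and the sample specs are assumptions; the case it covers is scoped names, where the leading `@` must not be mistaken for the version separator.

```javascript
// Added example: hypothetical parser for a `--packages` CLI value.
// Not NodeSecure code; function names and sample specs are assumptions.

// Simplified npm name rule (assumption): optional "@scope/" prefix,
// then lowercase URL-safe characters.
const kNameRegex = /^(?:@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

function splitSpec(spec) {
  // A scoped name starts with "@", so only an "@" past index 0
  // can separate the name from a version or range.
  const at = spec.lastIndexOf("@");

  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

function parsePackages(raw) {
  if (typeof raw !== "string") {
    return [];
  }

  const specs = new Set(); // de-duplicates while keeping input order
  for (const entry of raw.split(",")) {
    const spec = entry.trim();
    if (spec === "") {
      continue; // tolerate "a,,b" and trailing commas
    }

    const { name, version } = splitSpec(spec);
    // Reject rather than silently highlight nothing: a typo here means
    // a package the analyst wanted flagged goes unnoticed.
    if (!kNameRegex.test(name) || version === "") {
      throw new Error(`Invalid package spec: ${JSON.stringify(spec)}`);
    }
    specs.add(version === null ? name : `${name}@${version}`);
  }

  return [...specs];
}

// Constructed sample input.
console.log(parsePackages("lodash, @acme/utils@1.2.3 ,,lodash"));
```

The same comma split does not carry over unchanged to `--identifiers`, because URLs may legitimately contain commas.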

Labels: CLI (Issue/Task related to the CLI), Interface (Issue/Task related to the Web Interface), help wanted (Extra attention is needed)
