// Import NodeSecure Dependencies
import * as JSXRay from "@nodesecure/js-x-ray";
import { license as License } from "@nodesecure/ntlp";
import * as Vuln from "@nodesecure/vuln";
import { Flags } from "@nodesecure/flags";
// Import Third-party Dependencies
import { Maintainer } from "@npm/types";
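export = Scanner;

/**
 * Type declarations for the scanner result (`Payload`), the per-package
 * records it contains, and the `Options` accepted by the scanner APIs
 * (the option docs below refer to `from()` and `cwd()`).
 *
 * Much of what is described here (author, maintainers, publishers,
 * description, homepage) is metadata declared by whoever published the
 * package. Treat it as untrusted input: display it, but do not base trust
 * decisions on it alone.
 */
declare namespace Scanner {
  /** A user who published at least one version of a package. */
  export interface Publisher {
    /**
     * Publisher npm user name.
     */
    name: string;
    /**
     * Publisher npm user email.
     */
    email: string;
    /**
     * First version published.
     */
    version: string;
    /**
     * Date of the first publication
     * @example 2021-08-10T20:45:08.342Z
     */
    at: string;
  }

  /** Analysis result for one specific version of a dependency. */
  export interface DependencyVersion {
    /** Id of the package (useful for usedBy relation) */
    id: number;
    /** Whether this package is a development dependency. */
    isDevDependency: boolean;
    /** The packages that use this package (see `id`). */
    usedBy: Record<string, string>;
    /** Size on disk of the extracted tarball (in bytes) */
    size: number;
    /** Package description */
    description: string;
    /**
     * Author of the package. This information is not trustworthy and can be empty:
     * do not use it to decide whether a package is legitimate.
     */
    author: Maintainer;
    /**
     * JS-X-Ray warnings
     *
     * @see https://github.com/NodeSecure/js-x-ray/blob/master/WARNINGS.md
     */
    warnings: JSXRay.Warning<JSXRay.BaseWarning>[];
    /** Tarball composition (files and dependencies) */
    composition: {
      /** Files extensions (.js, .md, .exe etc..) */
      extensions: string[];
      /** Files found in the tarball. */
      files: string[];
      /** Minified files (foo.min.js etc..) */
      minified: string[];
      // NOTE(review): the five fields below are undocumented in the source.
      // Presumably they list what the package's code requires (local files,
      // third-party packages, Node.js core modules) and which declared
      // dependencies are unused or missing. Confirm against the scanner.
      required_files: string[];
      required_thirdparty: string[];
      required_nodejs: string[];
      unused: string[];
      missing: string[];
    };
    /**
     * Package licenses with SPDX expression.
     *
     * @see https://github.com/NodeSecure/licenses-conformance
     * @see https://github.com/NodeSecure/npm-tarball-license-parser
     */
    license: License[];
    /**
     * Flags (Array of string)
     *
     * @see https://github.com/NodeSecure/flags/blob/main/FLAGS.md
     */
    flags: Flags[];
    /**
     * Git URL when the dependency is a GIT repository (presumably `null`
     * otherwise).
     */
    gitUrl: null | string;
  }

  /** A package of the dependency tree, with every version found in it. */
  export interface Dependency {
    /** NPM Registry metadata */
    metadata: {
      /** Count of dependencies */
      dependencyCount: number;
      /** Number of releases published on npm */
      publishedCount: number;
      // NOTE(review): the unit/format of this timestamp is not stated here
      // (epoch value vs. date); confirm against what the scanner emits.
      lastUpdateAt: number;
      /**
       * Last version SemVer.
       *
       * Typed as a string: a SemVer such as `1.2.3` cannot be represented
       * as a number.
       */
      lastVersion: string;
      /**
       * Set when the package author has changed (the criteria are not shown
       * in this file). A change of ownership is worth reviewing before
       * accepting new releases.
       */
      hasChangedAuthor: boolean;
      /** Set when the package has been published by several users. */
      hasManyPublishers: boolean;
      /** Whether the package received an update within one year. */
      hasReceivedUpdateInOneYear: boolean;
      /**
       * Author of the package. This information is not trustworthy and can be empty:
       * do not use it to decide whether a package is legitimate.
       */
      author: Maintainer;
      /** Package home page */
      homepage: string | null;
      /**
       * List of maintainers (list of people in the organization related to the package)
       */
      maintainers: { name: string; email: string }[];
      /**
       * List of people who published this package
       */
      publishers: Publisher[];
    };
    /** List of versions of this package available in the dependency tree (In the payload) */
    versions: Record<string, DependencyVersion>;
    /**
     * Vulnerabilities fetched depending on the selected vulnerabilityStrategy
     *
     * @see https://github.com/NodeSecure/vuln
     */
    vulnerabilities: Vuln.Strategy.StandardVulnerability[];
  }

  export type GlobalWarning = string[];

  /** Dependencies indexed by a string key (presumably the package name). */
  export type Dependencies = Record<string, Dependency>;

  /** Complete result of a scan. */
  export interface Payload {
    /** Payload unique id */
    id: string;
    /** Name of the analyzed package */
    rootDependencyName: string;
    /**
     * Global warnings list
     *
     * NOTE(review): `GlobalWarning` is already `string[]`, so this field is
     * `string[][]`. Confirm that the nesting is intended.
     */
    warnings: GlobalWarning[];
    /** All the dependencies of the package (flattened) */
    dependencies: Dependencies;
    /** Version of the scanner used to generate the result */
    scannerVersion: string;
    /** Vulnerability strategy name (npm, snyk, node) */
    vulnerabilityStrategy: Vuln.Strategy.Kind;
  }

  /**
   * Result of analyzing a single package: its files, its size, its licenses
   * and the JS-X-Ray output for its code.
   */
  export interface VerifyPayload {
    files: {
      list: string[];
      extensions: string[];
      minified: string[];
    };
    directorySize: number;
    uniqueLicenseIds: string[];
    licenses: License[];
    /** JS-X-Ray dependencies and warnings. */
    ast: {
      dependencies: Record<string, JSXRay.Dependency>;
      warnings: JSXRay.Warning<JSXRay.BaseWarning>[];
    };
  }

  /** Options accepted by the scanner APIs. */
  export interface Options {
    /**
     * Maximum tree depth
     *
     * @default 4
     */
    readonly maxDepth?: number;
    /**
     * Use root package-lock.json. This will have the effect of triggering the Arborist package.
     *
     * @default false for from() API
     * @default true for cwd() API
     */
    readonly usePackageLock?: boolean;
    /**
     * Include project devDependencies (only available for cwd command)
     *
     * @default false
     */
    readonly includeDevDeps?: boolean;
    /**
     * Vulnerability strategy name (npm, snyk, node)
     *
     * NOTE(review): this is the only option declared as required, yet it
     * documents a default. Confirm whether it should be optional. With the
     * documented default (NONE), presumably no vulnerability source is
     * queried, so an empty `vulnerabilities` list would not mean that a
     * package is free of known vulnerabilities.
     *
     * @default NONE
     */
    readonly vulnerabilityStrategy: Vuln.Strategy.Kind;
    /**
     * Analyze root package.
     *
     * @default false for from() API
     * @default true for cwd() API
     */
    readonly forceRootAnalysis?: boolean;
    /**
     * Deeper dependencies analysis with cwd() API.
     *
     * @default false
     */
    readonly fullLockMode?: boolean;
  }
}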