bb should have heuristics to detect crypto

[honzajavorek]

Dependencies containing or depending on crypto have special treatment. We should be able to have a primitive detection in blackbelt to distinguish those. There could be some keyword matching against the name of the package, but I think the most efficient MVP implementation would be to just maintain the list of the most common ones and when they appear in the dependency tree, blackbelt would flag them:

• bcrypt-pbkdf https://www.npmjs.com/package/bcrypt-pbkdf
• sshpk https://www.npmjs.com/package/sshpk
• uuid https://www.npmjs.com/package/uuid
• http-signature https://www.npmjs.com/package/http-signature
• TweetNaCl.js https://www.npmjs.com/package/tweetnacl
• ecc-jsbn https://www.npmjs.com/package/ecc-jsbn
• tls-keygen https://www.npmjs.com/package/tls-keygen
• ssh-fingerprint https://www.npmjs.com/package/ssh-fingerprint

Node.js’ very own builtin crypto module https://nodejs.org/api/crypto.html is fine.

[abtris]

Migrated to apiaryio/bb#12