The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
It can be installed on your system and used as a CLI or installed directly into your Node.js project.
You can install the Scanoss package using npm (the Node Package Manager). Note that you will need to install Node.js and npm. Installing Node.js should install npm as well.
To download and install the Scanoss CLI run the following command: npm install -g scanoss
On the other hand, if you need to install the module in your own Node.js project and consume it as a dependency, execute the following command npm install scanoss
Running the bare command will list the available sub-commands:
Usage: scanoss-js [options] [command]
The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.
Options:
-V, --version output the version number
-h, --help display help for command
Commands:
scan [options] <source> Scan a folder/file
dep [options] <source> Scan for dependencies
wfp [options] <source> Generates fingerprints for a folder/file
help [command] display help for command
-
For a quick and free analysis of your project, simply input:
scanoss-js scan -o results.json <source-folder> -
Using an API Token for Scanning:
scanoss-js scan -o results.json --key <your_token> --apiurl <your_apiurl> <source-folder> -
Include Dependency detection in scanning:
scanoss-js scan -o results.json --dependencies <source-folder>
-
Generate Hashes without analysis:
scanoss-js wfp -o fingerprints.wfp <source-folder> -
Subsequent scanning of previously generated Hashes:
scanoss-js scan -w fingerprints.wfp -o results.json
Note: the --dependencies flag is not applicable here, given that manifest files aren't encompassed within the hashes.
- Focus Exclusively on Dependencies:
scanoss-js dep .
The manifest files acknowledged during the scanning process are:
* Python: requirements.txt, pyproject.toml
* Java: pom.xml
* Javascript: package.json, package-lock.json, yarn.lock
* Ruby: Gemfile, Gemfile.lock
* Golang: go.mod, go.sum
* .NET/NuGet: *.csproj, packages.config
* Gradle: build.gradle
The SDK provides a simple way to interact with the Scanoss APIs from your JS code. Here are two examples for performing code scanning and dependency scanning
// Import as ES6
import { Scanner, ScannerEvents, ScannerTypes } from 'scanoss';
// Import as CommonJS
// const { Scanner, ScannerEvents } = require('scanoss');
const scanner = new Scanner();
// Set the folder path where the module will save the scan results and fingerprints
// If is not specified, the module will create a folder on tmp
// directory using a timestamp as a name
scanner.setWorkDirectory('/yourProjectFolder/ScanResults/');
// Set the scanner log event handler
scanner.on(ScannerEvents.SCANNER_LOG, (logTxt) => console.log(logTxt));
// Set the scanner finish event handler
scanner.on(ScannerEvents.SCAN_DONE, (resultPath) => {
console.log('Path to results: ', resultPath);
});
const scannerInput = {
fileList: ['/yourProjectFolder/example1.c', '/yourProjectFolder/example2.c'],
};
// Launch the scanner
scanner.scan([scannerInput]);The scanner object provides a set of events that can be used to trigger custom actions. These events are listed in the table above and were previously mentioned.
| Event Name | Description |
|---|---|
| SCANNER_LOG | Report any internal scanner events |
| SCAN_DONE | Scan completed |
| DISPATCHER_NEW_DATA | New data received but not persisted |
| RESULTS_APPENDED | Results added to scan report file |
If you want to develop this package and use it locally in your project (without publishing it), follow these steps:
In the root of the scanoss.js package, run the command:
npm install && npm run build && npm link . This command creates a global symbolic link in your system that points to the local location of your package. This means you can use the package in any other Node.js project on your machine as if it were installed globally.
In the root of the project where you want to use the scanoss package, run the command:
npm link scanossThis will create a symbolic link in your project to the globally linked scanoss package. Any changes made in the package will be immediately reflected in the consuming project.
Remember that once you finish developing or using the package locally, you should break the link to avoid potential issues with future versions or with installing other packages. To do this, simply run:
npm unlink scanossin both the project and the scanoss package. This will remove the symbolic links and restore the normal state of the packages.