Fix bug with deepscan

node/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [5.1.4]
+
+### Bugfix
+
+- Fix bug where deepScan would sometimes not report vulnerabilities
+
 ## [5.1.3]
 
 ### Bugfix

node/lib/retire.js

@@ -4,7 +4,7 @@
  */
 
 var exports = exports || {};
-exports.version = '5.1.3';
+exports.version = '5.1.4';
 
 function isDefined(o) {
   return typeof o !== 'undefined';

node/package.json

@@ -2,7 +2,7 @@
   "author": "Erlend Oftedal <erlend@oftedal.no>",
   "name": "retire",
   "description": "Retire is a tool for detecting use of vulnerable libraries",
-  "version": "5.1.3",
+  "version": "5.1.4",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

node/src/deepscan.ts

@@ -1,5 +1,6 @@
 import { multiQuery } from 'astronomical';
 import { Component, Repository } from './types';
+import { check } from './retire';
 
 export function deepScan(content: string, repo: Repository): Component[] {
   const astQueries: Record<string, string> = {};
@@ -10,7 +11,7 @@ export function deepScan(content: string, repo: Repository): Component[] {
       backMap[`${name}_${i}`] = name;
     });
   });
-  const results = multiQuery(content, astQueries) as Record<string,[]>;
+  const results = multiQuery(content, astQueries) as Record<string, []>;
   const detected: Component[] = [];
   Object.entries(results).forEach(([key, value]) => {
     value.forEach((match) => {
@@ -27,7 +28,6 @@ export function deepScan(content: string, repo: Repository): Component[] {
   });
   return detected.reduce((acc, cur) => {
     if (acc.some((c) => c.component === cur.component && c.version === cur.version)) return acc;
-    acc.push(cur);
-    return acc;
+    return acc.concat(check(cur.component, cur.version, repo));
   }, [] as Component[]);
 }