Skip to content

Commit

Permalink
fix: add missing deprecated check in packageMetadata (#191)
Browse files Browse the repository at this point in the history
  • Loading branch information
@fraxken
fraxken authored Dec 2, 2023
1 parent 4e879d7 commit 019c046
Show file tree
Hide file tree
Showing 3 changed files with 114 additions and 86 deletions.
170 changes: 85 additions & 85 deletions package.json
View file
Original file line number Diff line number Diff line change
@@ -1,85 +1,85 @@
{
"name": "@nodesecure/scanner",
"version": "5.1.0",
"description": "A package API to run a static analysis of your module's dependencies.",
"exports": "./index.js",
"engines": {
"node": ">=18"
},
"scripts": {
"lint": "eslint src test",
"prepublishOnly": "pkg-ok",
"test": "npm run lint && npm run test-only",
"test:ci": "node --test test/**.spec.js test/**/*.spec.js",
"test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
"coverage": "c8 -r html npm run test-only"
},
"files": [
"src",
"i18n",
"types",
"index.js",
"index.d.ts"
],
"repository": {
"type": "git",
"url": "git+https://github.com/NodeSecure/scanner.git"
},
"keywords": [
"node",
"nodejs",
"security",
"cli",
"sast",
"scanner",
"static",
"code",
"analysis",
"node_modules",
"tree",
"npm",
"registry",
"graph",
"visualization",
"dependencies"
],
"author": "NodeSecure",
"license": "MIT",
"bugs": {
"url": "https://github.com/NodeSecure/scanner/issues"
},
"homepage": "https://github.com/NodeSecure/scanner#readme",
"devDependencies": {
"@nodesecure/eslint-config": "^1.8.0",
"@slimio/is": "^2.0.0",
"@types/node": "^20.10.0",
"c8": "^8.0.1",
"dotenv": "^16.3.1",
"eslint": "^8.37.0",
"get-folder-size": "^4.0.0",
"glob": "^10.3.10",
"pkg-ok": "^3.0.0",
"sinon": "^17.0.1",
"snap-shot-core": "^10.2.4"
},
"dependencies": {
"@nodesecure/authors": "^1.0.2",
"@nodesecure/flags": "^2.4.0",
"@nodesecure/fs-walk": "^1.0.0",
"@nodesecure/i18n": "^3.4.0",
"@nodesecure/js-x-ray": "^6.2.1",
"@nodesecure/npm-registry-sdk": "^1.6.1",
"@nodesecure/ntlp": "^2.2.1",
"@nodesecure/vuln": "^1.7.0",
"@npm/types": "^1.0.2",
"@npmcli/arborist": "^7.2.1",
"@slimio/lock": "^1.0.0",
"builtins": "^5.0.1",
"combine-async-iterators": "^2.1.0",
"itertools": "^2.1.2",
"lodash.difference": "^4.5.0",
"pacote": "^17.0.4",
"semver": "^7.5.4"
},
"type": "module"
}
{
"name": "@nodesecure/scanner",
"version": "5.1.0",
"description": "A package API to run a static analysis of your module's dependencies.",
"exports": "./index.js",
"engines": {
"node": ">=18"
},
"scripts": {
"lint": "eslint src test",
"prepublishOnly": "pkg-ok",
"test": "npm run lint && npm run test-only",
"test:ci": "node --test test/**.spec.js test/**/*.spec.js",
"test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
"coverage": "c8 -r html npm run test-only"
},
"files": [
"src",
"i18n",
"types",
"index.js",
"index.d.ts"
],
"repository": {
"type": "git",
"url": "git+https://github.com/NodeSecure/scanner.git"
},
"keywords": [
"node",
"nodejs",
"security",
"cli",
"sast",
"scanner",
"static",
"code",
"analysis",
"node_modules",
"tree",
"npm",
"registry",
"graph",
"visualization",
"dependencies"
],
"author": "NodeSecure",
"license": "MIT",
"bugs": {
"url": "https://github.com/NodeSecure/scanner/issues"
},
"homepage": "https://github.com/NodeSecure/scanner#readme",
"devDependencies": {
"@nodesecure/eslint-config": "^1.8.0",
"@slimio/is": "^2.0.0",
"@types/node": "^20.10.0",
"c8": "^8.0.1",
"dotenv": "^16.3.1",
"eslint": "8.37.0",
"get-folder-size": "^4.0.0",
"glob": "^10.3.10",
"pkg-ok": "^3.0.0",
"sinon": "^17.0.1",
"snap-shot-core": "^10.2.4"
},
"dependencies": {
"@nodesecure/authors": "^1.0.2",
"@nodesecure/flags": "^2.4.0",
"@nodesecure/fs-walk": "^1.0.0",
"@nodesecure/i18n": "^3.4.0",
"@nodesecure/js-x-ray": "^6.2.1",
"@nodesecure/npm-registry-sdk": "^1.6.1",
"@nodesecure/ntlp": "^2.2.1",
"@nodesecure/vuln": "^1.7.0",
"@npm/types": "^1.0.2",
"@npmcli/arborist": "^7.2.1",
"@slimio/lock": "^1.0.0",
"builtins": "^5.0.1",
"combine-async-iterators": "^2.1.0",
"itertools": "^2.1.2",
"lodash.difference": "^4.5.0",
"pacote": "^17.0.4",
"semver": "^7.5.4"
},
"type": "module"
}
8 changes: 7 additions & 1 deletion src/npmRegistry.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,21 +45,27 @@ export async function packageMetadata(name, version, options) {
};

const isOutdated = semver.neq(version, lastVersion);
const flags = ref.versions[version].flags;
if (isOutdated) {
ref.versions[version].flags.push("isOutdated");
flags.push("isOutdated");
}

const publishers = new Set();
let searchForMaintainersInVersions = metadata.maintainers.length === 0;
for (const ver of Object.values(pkg.versions).reverse()) {
const versionSpec = `${ver.name}:${ver.version}`;
if (packageSpec === versionSpec) {
if (ver.deprecated && !flags.includes("isDeprecated")) {
flags.push("isDeprecated");
}

metadata.integrity[ver.version] = getPackumentVersionIntegrity(
ver
);
}

const { _npmUser: npmUser, version, maintainers = [] } = ver;

const isNullOrUndefined = typeof npmUser === "undefined" || npmUser === null;
if (isNullOrUndefined || !("name" in npmUser) || typeof npmUser.name !== "string") {
continue;
Expand Down
22 changes: 22 additions & 0 deletions test/npmRegistry.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,3 +95,25 @@ test("registry.packageMetadata should find GitLab links", async() => {
repository: "https://gitlab.com/gitlab-org/gitlab-ui"
});
});

test("registry.packageMetadata should detect a deprecated package", async() => {
const ref = {
metadata: {},
versions: {
"2.5.9": {
flags: []
}
}
};
const logger = new Logger().start("registry");

await registry.packageMetadata("express", "2.5.9", {
ref,
logger
});

assert.deepEqual(ref.versions["2.5.9"].flags, [
"isOutdated",
"isDeprecated"
]);
});

0 comments on commit 019c046

Please sign in to comment.