From b40a3b392b025c81b17f3bea44cc2582e562cbaa Mon Sep 17 00:00:00 2001 From: cgombauld Date: Mon, 16 Feb 2026 19:02:19 +0100 Subject: [PATCH] chore: upgrade js-x-ray --- .changeset/tricky-tools-reply.md | 8 ++++ workspaces/rc/package.json | 2 +- workspaces/scanner/package.json | 2 +- workspaces/scanner/src/depWalker.ts | 6 +-- workspaces/tarball/package.json | 2 +- .../tarball/src/class/NpmTarball.class.ts | 42 ++++++++++--------- workspaces/tarball/test/NpmTarball.spec.ts | 10 ++--- .../tarball/test/SourceCodeReport.spec.ts | 4 +- .../tarball/test/SourceCodeScanner.spec.ts | 4 +- workspaces/tree-walker/package.json | 2 +- 10 files changed, 46 insertions(+), 36 deletions(-) create mode 100644 .changeset/tricky-tools-reply.md diff --git a/.changeset/tricky-tools-reply.md b/.changeset/tricky-tools-reply.md new file mode 100644 index 00000000..5776f9b8 --- /dev/null +++ b/.changeset/tricky-tools-reply.md @@ -0,0 +1,8 @@ +--- +"@nodesecure/tree-walker": minor +"@nodesecure/scanner": minor +"@nodesecure/tarball": minor +"@nodesecure/rc": minor +--- + +chore: upgrade js-x-ray diff --git a/workspaces/rc/package.json b/workspaces/rc/package.json index 96b196fe..acac92fd 100644 --- a/workspaces/rc/package.json +++ b/workspaces/rc/package.json @@ -45,7 +45,7 @@ "ajv": "6.12.6" }, "dependencies": { - "@nodesecure/js-x-ray": "11.5.0", + "@nodesecure/js-x-ray": "12.0.0", "@nodesecure/npm-types": "^1.2.0", "@nodesecure/vulnera": "^2.0.1", "@openally/config": "^1.0.1", diff --git a/workspaces/scanner/package.json b/workspaces/scanner/package.json index 82dc8291..5a16ea4c 100644 --- a/workspaces/scanner/package.json +++ b/workspaces/scanner/package.json @@ -68,7 +68,7 @@ "@nodesecure/contact": "^3.0.0", "@nodesecure/flags": "^3.0.3", "@nodesecure/i18n": "^4.1.0", - "@nodesecure/js-x-ray": "11.5.0", + "@nodesecure/js-x-ray": "12.0.0", "@nodesecure/mama": "^2.1.1", "@nodesecure/npm-registry-sdk": "^4.4.0", "@nodesecure/npm-types": "^1.3.0", 
diff --git a/workspaces/scanner/src/depWalker.ts b/workspaces/scanner/src/depWalker.ts index e0b21202..3542bcf9 100644 --- a/workspaces/scanner/src/depWalker.ts +++ b/workspaces/scanner/src/depWalker.ts @@ -11,7 +11,7 @@ import { scanDirOrArchive, type PacoteProvider } from "@nodesecure/tarball"; -import { CollectableSet } from "@nodesecure/js-x-ray"; +import { DefaultCollectableSet, type CollectableSet } from "@nodesecure/js-x-ray"; import * as Vulnera from "@nodesecure/vulnera"; import { npm } from "@nodesecure/tree-walker"; import { parseAuthor } from "@nodesecure/utils"; @@ -126,7 +126,7 @@ export async function depWalker( const statsCollector = new StatsCollector({ logger }, { isVerbose }); - const collectables = kCollectableTypes.map((type) => new CollectableSet(type)); + const collectables = kCollectableTypes.map((type) => new DefaultCollectableSet(type)); const pacoteProvider: PacoteProvider = { async extract(spec, dest, opts): Promise { @@ -412,7 +412,7 @@ export async function depWalker( } } -function extractHighlightedIdentifiers(collectables: CollectableSet[], identifiersToHighlight: Set) { +function extractHighlightedIdentifiers(collectables: DefaultCollectableSet[], identifiersToHighlight: Set) { if (identifiersToHighlight.size === 0) { return []; } diff --git a/workspaces/tarball/package.json b/workspaces/tarball/package.json index e2f4e917..628643df 100644 --- a/workspaces/tarball/package.json +++ b/workspaces/tarball/package.json @@ -47,7 +47,7 @@ "dependencies": { "@nodesecure/conformance": "^1.2.1", "@nodesecure/fs-walk": "^2.0.0", - "@nodesecure/js-x-ray": "11.5.0", + "@nodesecure/js-x-ray": "12.0.0", "@nodesecure/mama": "^2.1.1", "@nodesecure/npm-types": "^1.2.0", "@nodesecure/utils": "^2.3.0", diff --git a/workspaces/tarball/src/class/NpmTarball.class.ts b/workspaces/tarball/src/class/NpmTarball.class.ts index 3e00fd8b..c98f6c96 100644 --- a/workspaces/tarball/src/class/NpmTarball.class.ts +++ b/workspaces/tarball/src/class/NpmTarball.class.ts 
@@ -9,7 +9,7 @@ import { } from "@nodesecure/mama"; import { AstAnalyser, - CollectableSet, + DefaultCollectableSet, warnings, type AstAnalyserOptions } from "@nodesecure/js-x-ray"; @@ -87,25 +87,27 @@ export class NpmTarball { .flatMap(filterJavaScriptFiles()) }); - const operationQueue = - Array.from(hostNameSet) - .map(({ value, locations }) => this.#resolver.isPrivateHost(value) - .then((isPrivate) => { - if (isPrivate) { - locations.forEach(({ file, location }) => { - code.warnings.push({ - kind: "shady-link", - ...warnings["shady-link"], - file: file ?? undefined, - location, - value, - source: "Scanner" + if (hostNameSet instanceof DefaultCollectableSet) { + const operationQueue = + Array.from(hostNameSet) + .map(({ value, locations }) => this.#resolver.isPrivateHost(value) + .then((isPrivate) => { + if (isPrivate) { + locations.forEach(({ file, location }) => { + code.warnings.push({ + kind: "shady-link", + ...warnings["shady-link"], + file: file ?? undefined, + location, + value, + source: "Scanner" + }); }); - }); - } - }) - ); - await Promise.allSettled(operationQueue); + } + }) + ); + await Promise.allSettled(operationQueue); + } } return { @@ -121,7 +123,7 @@ export class NpmTarball { return options; } - return { ...options, collectables: [...options.collectables ?? [], new CollectableSet("hostname")] }; + return { ...options, collectables: [...options.collectables ?? [], new DefaultCollectableSet("hostname")] }; } } diff --git a/workspaces/tarball/test/NpmTarball.spec.ts b/workspaces/tarball/test/NpmTarball.spec.ts index 14f2ea06..d370fc04 100644 --- a/workspaces/tarball/test/NpmTarball.spec.ts +++ b/workspaces/tarball/test/NpmTarball.spec.ts 
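Review bot: In `workspaces/tarball/src/class/NpmTarball.class.ts`, the new guard `if (hostNameSet instanceof DefaultCollectableSet)` in the `@@ -87,25 +87,27 @@` hunk skips the private-host lookup silently when the "hostname" collectable is any other `CollectableSet` implementation, so no `shady-link` warning is raised for hostnames that resolve to private addresses. The last hunk of this file returns the caller's `options` unchanged in one branch (its condition is outside the hunk), which is presumably how a caller-supplied hostname collectable reaches this check. Consider having the scanner always register its own `new DefaultCollectableSet("hostname")` for this check, or at least state the limitation above the guard: `// private-host (shady-link) detection only runs for DefaultCollectableSet; other hostname collectables are skipped`. Separately, `await Promise.allSettled(operationQueue)` discards rejections from `isPrivateHost`, so a resolver failure also yields no warning, and none of the updated specs exercises the non-default branch. The enclosing method starts and ends outside the hunk.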
@@ -5,7 +5,7 @@ import { describe, test } from "node:test"; import assert from "node:assert"; // Import Third-party Dependencies -import { CollectableSet, warnings, type Warning } from "@nodesecure/js-x-ray"; +import { DefaultCollectableSet, warnings, type Warning } from "@nodesecure/js-x-ray"; import { ManifestManager } from "@nodesecure/mama"; type SourceArrayLocation = [[number, number], [number, number]]; @@ -26,7 +26,7 @@ describe("NpmTarball", () => { test("it should have a shady-link warning when a hostname resolve a private ip address with collectables", async() => { const mama = await ManifestManager.fromPackageJSON(path.join(kFixturePath, "shady-link", "package.json")); const npmTarball = new NpmTarball(mama); - const hostnameSet = new CollectableSet("hostname"); + const hostnameSet = new DefaultCollectableSet("hostname"); const result = await npmTarball.scanFiles({ collectables: [hostnameSet] @@ -101,7 +101,7 @@ describe("NpmTarball", () => { const npmTarball = new NpmTarball(mama); const result = await npmTarball.scanFiles({ - collectables: [new CollectableSet("url"), new CollectableSet("ip")] + collectables: [new DefaultCollectableSet("url"), new DefaultCollectableSet("ip")] }); assert.deepEqual( @@ -136,7 +136,7 @@ describe("NpmTarball", () => { test("it should add the spec to collectables", async() => { const mama = await ManifestManager.fromPackageJSON(path.join(kFixturePath, "shady-link", "package.json")); const npmTarball = new NpmTarball(mama); - const hostnameSet = new CollectableSet("hostname"); + const hostnameSet = new DefaultCollectableSet("hostname"); await npmTarball.scanFiles({ collectables: [hostnameSet] @@ -146,7 +146,7 @@ describe("NpmTarball", () => { }); }); -function extractSpecs(collectableSet: CollectableSet) { +function extractSpecs(collectableSet: DefaultCollectableSet) { return Array.from(collectableSet) .flatMap(({ locations }) => locations.flatMap(({ metadata }) => metadata?.spec ?? [])); } 
diff --git a/workspaces/tarball/test/SourceCodeReport.spec.ts b/workspaces/tarball/test/SourceCodeReport.spec.ts index 6f44a532..76dfb9d6 100644 --- a/workspaces/tarball/test/SourceCodeReport.spec.ts +++ b/workspaces/tarball/test/SourceCodeReport.spec.ts @@ -5,7 +5,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Third-party Dependencies -import { AstAnalyser, CollectableSet } from "@nodesecure/js-x-ray"; +import { AstAnalyser, DefaultCollectableSet } from "@nodesecure/js-x-ray"; // Import Internal Dependencies import { SourceCodeScanner } from "../src/class/SourceCodeScanner.class.ts"; @@ -141,7 +141,7 @@ test("should detect the usage of global fetch and update hasExternalCapacity fla }); test("should add spec to collectables", async() => { - const emailSet = new CollectableSet<{ spec: string; }>("email"); + const emailSet = new DefaultCollectableSet<{ spec: string; }>("email"); const mama = createFakeManifestManager(); const scanner = new SourceCodeScanner(mama, { astAnalyser: new AstAnalyser({ collectables: [emailSet] }) diff --git a/workspaces/tarball/test/SourceCodeScanner.spec.ts b/workspaces/tarball/test/SourceCodeScanner.spec.ts index 9c4138a6..05fb6088 100644 --- a/workspaces/tarball/test/SourceCodeScanner.spec.ts +++ b/workspaces/tarball/test/SourceCodeScanner.spec.ts @@ -8,7 +8,7 @@ import { describe, test } from "node:test"; import { ManifestManager } from "@nodesecure/mama"; -import { type ReportOnFile, AstAnalyser, CollectableSet } from "@nodesecure/js-x-ray"; +import { type ReportOnFile, AstAnalyser, DefaultCollectableSet } from "@nodesecure/js-x-ray"; // Import Internal Dependencies import { 
@@ -139,7 +139,7 @@ describe("SourceCodeScanner", () => { test("it should add spec to collectables", async() => { const mama = loadFixtureManifest("entryfiles"); - const emailSet = new CollectableSet<{ spec?: string; }>("email"); + const emailSet = new DefaultCollectableSet<{ spec?: string; }>("email"); const scanner = new SourceCodeScanner(mama, { astAnalyser: new AstAnalyser({ diff --git a/workspaces/tree-walker/package.json b/workspaces/tree-walker/package.json index 5a74205b..495c5c52 100644 --- a/workspaces/tree-walker/package.json +++ b/workspaces/tree-walker/package.json @@ -37,7 +37,7 @@ }, "homepage": "https://github.com/NodeSecure/tree/master/workspaces/tree-walker#readme", "dependencies": { - "@nodesecure/js-x-ray": "11.5.0", + "@nodesecure/js-x-ray": "12.0.0", "@nodesecure/npm-registry-sdk": "^4.0.0", "@nodesecure/npm-types": "^1.1.0", "@npmcli/arborist": "9.1.10",