@nodesecure/tarball
v1.0.0
Published
NodeSecure tarball scanner
Downloads
110
Readme
Requirements
- Node.js v20 or higher
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/tarball
# or
$ yarn add @nodesecure/tarball
Usage example
import * as tarball from "@nodesecure/tarball";
const scanResult = await tarball.scanPackage(
process.cwd()
);
console.log(scanResult);
[!NOTE] This package has been designed to be used by the Scanner package/workspace.
API
scanDirOrArchive
Method created for Scanner (to be refactored soon)
export interface scanDirOrArchiveOptions {
ref: DependencyRef;
location?: string;
tmpLocation?: null | string;
locker: Locker;
registry: string;
}
scanPackage(dest: string, packageName?: string): Promise< ScannedPackageResult >
Scan a given tarball archive or a local project.
interface ScannedPackageResult {
files: {
/** Complete list of files for the given package */
list: string[];
/** Complete list of extensions (.js, .md etc.) */
extensions: string[];
/** List of minified javascript files */
minified: string[];
};
/** Size of the directory in bytes */
directorySize: number;
/** Unique license contained in the tarball (MIT, ISC ..) */
uniqueLicenseIds: string[];
/** All licenses with their SPDX */
licenses: ntlp.SpdxLicenseConformance[];
ast: {
dependencies: Record<string, Record<string, Dependency>>;
warnings: Warning[];
};
}
License
MIT