ts-node-client
v3.4.2
Published
npm / node module to transfer dependency information to TrustSource server.
Downloads
1,102
Maintainers
olexandrbigReadme
TrustSource ts-node-client
TrustSource node client - node module to transfer dependency information to TrustSource server.
Release 3.4.0
Migrated to TrustSource API v2. Please ensure your url is updated to https://api.trustsource.io.
PLEASE NOTE: API v1 is meanwhile deprecated. We plan to seize its functionality in September 30th, 2024. Starting from June, users of APIv1 will receive a deprecation notice. If you feel that this timeframe is too tough for you, please reach out to your engagement manager as soon as possible to clarify further proceedings.
Release 3.2.0
Package now support package-lock.json v.3
Release 3.1.0
Package now support yarn v.2+
Release 3.0.0
Package now is not including npm anymore. The addition has been done due to missing programmatic API in npm >= 8.0.0 and in order to skip deprecated dependencies
This change affects the structure of scans slightly, but it heavily improves the scanner.
Requirements
- node >= 12.0.0 use [email protected].+*
Older versions
- node >= 8.9.0
- npm < 8.0.0 use ts-node-client@1.*
- npm >= 8.0.0 use ts-node-client@2.*
Installation
Run: npm install --save-dev ts-node-client or yarn add --dev ts-node-client
You can add install_and_scan script to the package.json file to install and transfer dependency information using one command npm run install_and_scan:
"scripts": {
"install_and_scan": "npm install && ts-node-client -k apiKey -p Project"
},To store your credentials for automated transfer you may create .tsrc.json in your project directory or in your home directory to set credentials globally (not recommended!)
.tsrc.json example:
{
"apiKey": "apiKey",
"url": "https://api.trustsource.io",
"project": "Project Description"
}
Usage
You also may initiate transfer to TrustSource server manually by executing following command via terminal:
node_modules/.bin/ts-node-client
node_modules/.bin/ts-node-client -k apiKey -p Project --breakOnWarnings false --breakOnViolations true
node_modules/.bin/ts-node-client -c config.json npm / node module to transfer dependency information to TrustSource server.
Options:
--apiKey, -k apiKey [default: null]
--project, -p Project name [default: null]
--branch, -b Scan branch [default: null]
--tag, -t Scan tag [default: null]
--binaryLinks Binary links separated by comma [default: null]
--url url [default: null]
--config, -c Config path [default: null]
--proxy Proxy url like 'https://user:password@host:port' [default: null]
--version Prints a version [default: null]
--saveAs, -o Save as file (file name prefix) [default: null]
--saveAsFormat, -f Save as format (scan / cydx / spdx) [default: null]
--debug [default: null]
--simulate [default: null]
--includeDevDependencies [default: null]
--meteor [default: null]
--breakOnWarnings [default: null]
--breakOnViolations [default: null]
--help Prints a usage statement [boolean]
PLEASE NOTE: if you want to pass param into function you should add value, for example:
--breakOnViolations true or --saveAs sbom
Software bill of materials
Known problems
Error: The programmatic API was removed in npm v8.0.0
You should upgrade to 2.* versions of ts-node-client
Changelog available inside CHANGELOG.md
[DEPRECATED] Changelog
3.0.*
npm.lscli ->package-lock.jsonparse- npm removed
- updated dependencies
2.1.*
- Migrate 1.6.* - 1.8.* changes to version 2.1
- Bump dependencies
2.0.*
- Support new scan tool and fix problem with programmatic API for >= [email protected]
- Stop usage of
global-npmuntil we find new resolution - Get back
npmas local dependency
1.8.*
- SBOM
- --saveAs and --saveAsFormat
- Bump minimist from 1.2.5 to 1.2.6
- Bump urijs from 1.19.10 to 1.19.11
- replace packageurl-js with simple local function
- improve docs
1.7.*
- request -> axios
- fix dependencies
- doc fixes
1.6.*
- --breakOnWarnings and --breakOnViolations
- Bump devDependencies
1.5.*
- Describe
Error: The programmatic API was removed in npm v8.0.0 - Bump devDependencies
- Introduce sonarjs
1.4.*
- Bump glob-parent from 5.1.1 to 5.1.2
- Bump path-parse from 1.0.6 to 1.0.7
- Bump lodash from 4.17.19 to 4.17.21
- Bump y18n from 4.0.0 to 4.0.1
- Added:
- option --includeDevDependencies. It is allow to scan dev dependencies
1.3.*
- Use
global-npm(meaningnpmis no longer a dependency ofts-node-client)
1.2.*
- Added:
- option --brakeOnViolations. It is fail build in case any violations after scan transferred.
- option --brakeOnWarnings. It is fail build in case any warning after scan transferred.
1.1.*
- userName is not required param for scans
- Support usage of scan meta param binaryLinks inside Options definition
1.0.*
- Node JS and dependencies updates "node": ">= 8.12.0"
0.3.*
- Improve variable usage and tasks migration
- Support usage of scan meta params: branch and tag inside Options definition
- Skip npmDependency without names
- Update travis config
- Update dependency to resolve vulnerabilities
0.2.*
- Added proxy support and config
- Update travis config
- Updated README.md with
app.trustsource.io - Updated default url to
app.trustsource.io - Added windows support
- Fixed json
- Removed:
- options: --credentials and --credentialsFile instead you should use --config.
- option --baseUrl instead you should use --url.
- Added:
- option --config. It is similar to credentials, but it will contain any config information.
- option --url. It is similar to baseUrl.
- option --apiKey and --userName so it will be unnecessary to create
.tsrc.jsonfile. - options --version and --help.
- options shortcut.