@nodesecure/scanner

A package API to run a static analysis of your module's dependencies.

Usage no npm install needed!

<script type="module">
  import nodesecureScanner from 'https://cdn.skypack.dev/@nodesecure/scanner';
</script>

README

NodeSecure Scanner

version Maintenance Security Responsible Disclosure mit build

⚡️ Run a static analysis of your module's dependencies.

Requirements

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner

Usage example

import * as scanner from "@nodesecure/scanner";
import fs from "fs/promises";

// CONSTANTS
const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];

const payloads = await Promise.all(
  kPackagesToAnalyze.map((name) => scanner.from(name))
);

const promises = [];
for (let i = 0; i < kPackagesToAnalyze.length; i++) {
  const data = JSON.stringify(payloads[i], null, 2);

  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
}
await Promise.allSettled(promises);

API

See types/api.d.ts for a complete TypeScript definition.

function cwd(location: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function verify(packageName?: string | null): Promise<Scanner.VerifyPayload>;

Options is described with the following TypeScript interface:

interface Options {
  readonly maxDepth?: number;
  readonly usePackageLock?: boolean;
  readonly vulnerabilityStrategy: Strategy.Kind;
  readonly forceRootAnalysis?: boolean;
  readonly fullLockMode?: boolean;
}

Contributors ✨

All Contributors

Thanks goes to these wonderful people (emoji key):


Gentilhomme

💻 📖 👀 🛡️ 🐛

Tony Gorez

💻 📖 👀 🐛

Haze

💻

Maksim Balabash

💻

License

MIT