oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-18 08:53:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Capture if a node module is private (#1161)

Browse Source
This commit is contained in:
Scott Andrews 2022-08-24 13:07:56 -04:00 committed by GitHub
parent 57c5413fe0
commit 5e93d1ea1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 344 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
syft/pkg/cataloger/javascript/parse_package_json.go
View File

@ -33,6 +33,7 @@ type packageJSON struct {
Description string `json:"description"`
Dependencies map[string]string `json:"dependencies"`
Repository repository `json:"repository"`
Private bool `json:"private"`
}
type author struct {
@ -217,6 +218,7 @@ func newPackageJSONPackage(p packageJSON) *pkg.Package {
Homepage: p.Homepage,
URL: p.Repository.URL,
Licenses: licenses,
Private: p.Private,
},
}
}

20
syft/pkg/cataloger/javascript/parse_package_json_test.go
View File

@ -147,6 +147,26 @@ func TestParsePackageJSON(t *testing.T) {
},
},
},
{
Fixture: "test-fixtures/pkg-json/package-private.json",
ExpectedPkg: pkg.Package{
Name: "npm",
Version: "6.14.6",
Type: pkg.NpmPkg,
Licenses: []string{"Artistic-2.0"},
Language: pkg.JavaScript,
MetadataType: pkg.NpmPackageJSONMetadataType,
Metadata: pkg.NpmPackageJSONMetadata{
Name: "npm",
Version: "6.14.6",
Author: "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me)",
Homepage: "https://docs.npmjs.com/",
URL: "https://github.com/npm/cli",
Licenses: []string{"Artistic-2.0"},
Private: true,
},
},
},
}
for _, test := range tests {

6
syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
View File

@ -2,6 +2,7 @@ package javascript
import (
"os"
"sort"
"testing"
"github.com/anchore/syft/syft/pkg"
@ -45,6 +46,11 @@ func TestParsePnpmLock(t *testing.T) {
t.Error(err)
}
// we have to sort this for expected to match actual since yaml maps are unordered
sort.Slice(actual, func(p, q int) bool {
return actual[p].Name < actual[q].Name
})
differences := deep.Equal(expected, actual)
if differences != nil {
t.Errorf("returned package list differed from expectation: %+v", differences)

315
syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-private.json Normal file
View File

@ -0,0 +1,315 @@
{
"version": "6.14.6",
"name": "npm",
"private": true,
"description": "a package manager for JavaScript",
"keywords": [
"install",
"modules",
"package manager",
"package.json"
],
"preferGlobal": true,
"config": {
"publishtest": false
},
"homepage": "https://docs.npmjs.com/",
"author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me)",
"repository": {
"type": "git",
"url": "https://github.com/npm/cli"
},
"bugs": {
"url": "https://npm.community/c/bugs"
},
"directories": {
"bin": "./bin",
"doc": "./doc",
"lib": "./lib",
"man": "./man"
},
"main": "./lib/npm.js",
"bin": {
"npm": "./bin/npm-cli.js",
"npx": "./bin/npx-cli.js"
},
"dependencies": {
"JSONStream": "^1.3.5",
"abbrev": "~1.1.1",
"ansicolors": "~0.3.2",
"ansistyles": "~0.1.3",
"aproba": "^2.0.0",
"archy": "~1.0.0",
"bin-links": "^1.1.7",
"bluebird": "^3.5.5",
"byte-size": "^5.0.1",
"cacache": "^12.0.3",
"call-limit": "^1.1.1",
"chownr": "^1.1.4",
"ci-info": "^2.0.0",
"cli-columns": "^3.1.2",
"cli-table3": "^0.5.1",
"cmd-shim": "^3.0.3",
"columnify": "~1.5.4",
"config-chain": "^1.1.12",
"detect-indent": "~5.0.0",
"detect-newline": "^2.1.0",
"dezalgo": "~1.0.3",
"editor": "~1.0.0",
"figgy-pudding": "^3.5.1",
"find-npm-prefix": "^1.0.2",
"fs-vacuum": "~1.2.10",
"fs-write-stream-atomic": "~1.0.10",
"gentle-fs": "^2.3.0",
"glob": "^7.1.6",
"graceful-fs": "^4.2.4",
"has-unicode": "~2.0.1",
"hosted-git-info": "^2.8.8",
"iferr": "^1.0.2",
"infer-owner": "^1.0.4",
"inflight": "~1.0.6",
"inherits": "^2.0.4",
"ini": "^1.3.5",
"init-package-json": "^1.10.3",
"is-cidr": "^3.0.0",
"json-parse-better-errors": "^1.0.2",
"lazy-property": "~1.0.0",
"libcipm": "^4.0.7",
"libnpm": "^3.0.1",
"libnpmaccess": "^3.0.2",
"libnpmhook": "^5.0.3",
"libnpmorg": "^1.0.1",
"libnpmsearch": "^2.0.2",
"libnpmteam": "^1.0.2",
"libnpx": "^10.2.2",
"lock-verify": "^2.1.0",
"lockfile": "^1.0.4",
"lodash._baseuniq": "~4.6.0",
"lodash.clonedeep": "~4.5.0",
"lodash.union": "~4.6.0",
"lodash.uniq": "~4.5.0",
"lodash.without": "~4.4.0",
"lru-cache": "^5.1.1",
"meant": "~1.0.1",
"mississippi": "^3.0.0",
"mkdirp": "^0.5.5",
"move-concurrently": "^1.0.1",
"node-gyp": "^5.1.0",
"nopt": "^4.0.3",
"normalize-package-data": "^2.5.0",
"npm-audit-report": "^1.3.2",
"npm-cache-filename": "~1.0.2",
"npm-install-checks": "^3.0.2",
"npm-lifecycle": "^3.1.4",
"npm-package-arg": "^6.1.1",
"npm-packlist": "^1.4.8",
"npm-pick-manifest": "^3.0.2",
"npm-profile": "^4.0.4",
"npm-registry-fetch": "^4.0.5",
"npm-user-validate": "~1.0.0",
"npmlog": "~4.1.2",
"once": "~1.4.0",
"opener": "^1.5.1",
"osenv": "^0.1.5",
"pacote": "^9.5.12",
"path-is-inside": "~1.0.2",
"promise-inflight": "~1.0.1",
"qrcode-terminal": "^0.12.0",
"query-string": "^6.8.2",
"qw": "~1.0.1",
"read": "~1.0.7",
"read-cmd-shim": "^1.0.5",
"read-installed": "~4.0.3",
"read-package-json": "^2.1.1",
"read-package-tree": "^5.3.1",
"readable-stream": "^3.6.0",
"readdir-scoped-modules": "^1.1.0",
"request": "^2.88.0",
"retry": "^0.12.0",
"rimraf": "^2.7.1",
"safe-buffer": "^5.1.2",
"semver": "^5.7.1",
"sha": "^3.0.0",
"slide": "~1.1.6",
"sorted-object": "~2.0.1",
"sorted-union-stream": "~2.1.3",
"ssri": "^6.0.1",
"stringify-package": "^1.0.1",
"tar": "^4.4.13",
"text-table": "~0.2.0",
"tiny-relative-date": "^1.3.0",
"uid-number": "0.0.6",
"umask": "~1.1.0",
"unique-filename": "^1.1.1",
"unpipe": "~1.0.0",
"update-notifier": "^2.5.0",
"uuid": "^3.3.3",
"validate-npm-package-license": "^3.0.4",
"validate-npm-package-name": "~3.0.0",
"which": "^1.3.1",
"worker-farm": "^1.7.0",
"write-file-atomic": "^2.4.3"
},
"bundleDependencies": [
"abbrev",
"ansicolors",
"ansistyles",
"aproba",
"archy",
"bin-links",
"bluebird",
"byte-size",
"cacache",
"call-limit",
"chownr",
"ci-info",
"cli-columns",
"cli-table3",
"cmd-shim",
"columnify",
"config-chain",
"debuglog",
"detect-indent",
"detect-newline",
"dezalgo",
"editor",
"figgy-pudding",
"find-npm-prefix",
"fs-vacuum",
"fs-write-stream-atomic",
"gentle-fs",
"glob",
"graceful-fs",
"has-unicode",
"hosted-git-info",
"iferr",
"imurmurhash",
"infer-owner",
"inflight",
"inherits",
"ini",
"init-package-json",
"is-cidr",
"json-parse-better-errors",
"JSONStream",
"lazy-property",
"libcipm",
"libnpm",
"libnpmaccess",
"libnpmhook",
"libnpmorg",
"libnpmsearch",
"libnpmteam",
"libnpx",
"lock-verify",
"lockfile",
"lodash._baseindexof",
"lodash._baseuniq",
"lodash._bindcallback",
"lodash._cacheindexof",
"lodash._createcache",
"lodash._getnative",
"lodash.clonedeep",
"lodash.restparam",
"lodash.union",
"lodash.uniq",
"lodash.without",
"lru-cache",
"meant",
"mississippi",
"mkdirp",
"move-concurrently",
"node-gyp",
"nopt",
"normalize-package-data",
"npm-audit-report",
"npm-cache-filename",
"npm-install-checks",
"npm-lifecycle",
"npm-package-arg",
"npm-packlist",
"npm-pick-manifest",
"npm-profile",
"npm-registry-fetch",
"npm-user-validate",
"npmlog",
"once",
"opener",
"osenv",
"pacote",
"path-is-inside",
"promise-inflight",
"qrcode-terminal",
"query-string",
"qw",
"read-cmd-shim",
"read-installed",
"read-package-json",
"read-package-tree",
"read",
"readable-stream",
"readdir-scoped-modules",
"request",
"retry",
"rimraf",
"safe-buffer",
"semver",
"sha",
"slide",
"sorted-object",
"sorted-union-stream",
"ssri",
"stringify-package",
"tar",
"text-table",
"tiny-relative-date",
"uid-number",
"umask",
"unique-filename",
"unpipe",
"update-notifier",
"uuid",
"validate-npm-package-license",
"validate-npm-package-name",
"which",
"worker-farm",
"write-file-atomic"
],
"devDependencies": {
"deep-equal": "^1.0.1",
"get-stream": "^4.1.0",
"licensee": "^7.0.3",
"marked": "^0.6.3",
"marked-man": "^0.6.0",
"npm-registry-couchapp": "^2.7.4",
"npm-registry-mock": "^1.3.1",
"require-inject": "^1.4.4",
"sprintf-js": "^1.1.2",
"standard": "^11.0.1",
"tacks": "^1.3.0",
"tap": "^12.7.0",
"tar-stream": "^2.1.0"
},
"scripts": {
"dumpconf": "env | grep npm | sort | uniq",
"prepare": "node bin/npm-cli.js rebuild && node bin/npm-cli.js --no-audit --no-timing prune --prefix=. --no-global && rimraf test/*/*/node_modules && make -j4 mandocs",
"preversion": "bash scripts/update-authors.sh && git add AUTHORS && git commit -m \"update AUTHORS\" || true",
"licenses": "licensee --production --errors-only",
"tap": "tap -J --timeout 300 --no-esm",
"tap-cover": "tap -J --nyc-arg=--cache --coverage --timeout 600 --no-esm",
"lint": "standard",
"pretest": "npm run lint",
"test": "npm run test-tap --",
"test:nocleanup": "NO_TEST_CLEANUP=1 npm run test --",
"sudotest": "sudo npm run tap -- \"test/tap/*.js\"",
"sudotest:nocleanup": "sudo NO_TEST_CLEANUP=1 npm run tap -- \"test/tap/*.js\"",
"posttest": "rimraf test/npm_cache*",
"test-coverage": "npm run tap-cover -- \"test/tap/*.js\" \"test/network/*.js\"",
"test-tap": "npm run tap -- \"test/tap/*.js\" \"test/network/*.js\"",
"test-node": "tap --timeout 240 \"test/tap/*.js\" \"test/network/*.js\""
},
"license": "Artistic-2.0",
"engines": {
"node": "6 >=6.2.0 || 8 || >=9.3.0"
}
}

1
syft/pkg/npm_package_json_metadata.go
View File

@ -19,6 +19,7 @@ type NpmPackageJSONMetadata struct {
Homepage string `mapstructure:"homepage" json:"homepage"`
Description string `mapstructure:"description" json:"description"`
URL string `mapstructure:"url" json:"url"`
Private bool `mapstructure:"private" json:"private"`
}
// PackageURL returns the PURL for the specific NPM package (see https://github.com/package-url/purl-spec)