mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
Type check safe-chain package
This commit is contained in:
Hans Ott
parent
d5dc801c00
commit
c88b1a624f
60 changed files with 1179 additions and 33 deletions
|
|
@ -3,6 +3,16 @@ import fetch from "make-fetch-happen";
|
|||
const malwareDatabaseUrl =
|
||||
"https://malware-list.aikido.dev/malware_predictions.json";
|
||||
|
||||
/**
|
||||
* @typedef MalwarePackage
|
||||
* @property {string} package_name
|
||||
* @property {string} version
|
||||
* @property {string} reason
|
||||
*/
|
||||
|
||||
/**
|
||||
* @returns {Promise<{malwareDatabase: MalwarePackage[], version: string | undefined}>}
|
||||
*/
|
||||
export async function fetchMalwareDatabase() {
|
||||
const response = await fetch(malwareDatabaseUrl);
|
||||
if (!response.ok) {
|
||||
|
|
@ -15,11 +25,14 @@ export async function fetchMalwareDatabase() {
|
|||
malwareDatabase: malwareDatabase,
|
||||
version: response.headers.get("etag") || undefined,
|
||||
};
|
||||
} catch (error) {
|
||||
} catch (/** @type {any} */ error) {
|
||||
throw new Error(`Error parsing malware database: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @returns {Promise<string | undefined>}
|
||||
*/
|
||||
export async function fetchMalwareDatabaseVersion() {
|
||||
const response = await fetch(malwareDatabaseUrl, {
|
||||
method: "HEAD",
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
import * as semver from "semver";
|
||||
import * as npmFetch from "npm-registry-fetch";
|
||||
|
||||
/**
|
||||
* @param {string} packageName
|
||||
* @param {string | null} [versionRange]
|
||||
* @returns {Promise<string | null>}
|
||||
*/
|
||||
export async function resolvePackageVersion(packageName, versionRange) {
|
||||
if (!versionRange) {
|
||||
versionRange = "latest";
|
||||
|
|
@ -11,7 +16,10 @@ export async function resolvePackageVersion(packageName, versionRange) {
|
|||
return versionRange;
|
||||
}
|
||||
|
||||
const packageInfo = await getPackageInfo(packageName);
|
||||
const packageInfo = (
|
||||
/** @type {{"dist-tags"?: Record<string, string>} | null} */
|
||||
await getPackageInfo(packageName)
|
||||
);
|
||||
if (!packageInfo) {
|
||||
// It is possible that no version is found (could be a private package, or a package that doesn't exist)
|
||||
// In this case, we return null to indicate that we couldn't resolve the version
|
||||
|
|
@ -19,7 +27,7 @@ export async function resolvePackageVersion(packageName, versionRange) {
|
|||
}
|
||||
|
||||
const distTags = packageInfo["dist-tags"];
|
||||
if (distTags && distTags[versionRange]) {
|
||||
if (distTags && isDistTags(distTags)) {
|
||||
// If the version range is a dist-tag, return the version associated with that tag
|
||||
// e.g., "latest", "next", etc.
|
||||
return distTags[versionRange];
|
||||
|
|
@ -41,6 +49,19 @@ export async function resolvePackageVersion(packageName, versionRange) {
|
|||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {unknown} distTags
|
||||
* @returns {distTags is Record<string, string>}
|
||||
*/
|
||||
function isDistTags(distTags) {
|
||||
return typeof distTags === "object";
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {string} packageName
|
||||
* @returns {Promise<Record<string, unknown> | null>}
|
||||
*/
|
||||
async function getPackageInfo(packageName) {
|
||||
try {
|
||||
return await npmFetch.json(packageName);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue