From 7683461cae04682ca7f22516038efea6f6b8a75a Mon Sep 17 00:00:00 2001
From: cgombauld <clement.gombauld@cpexterne.org>
Date: Mon, 26 May 2025 19:18:04 +0200
Subject: [PATCH] feat(Scanner): implement Packument deprecated property in
 dependencyVersion

---
 .changeset/khaki-moons-raise.md             | 7 +++++++
 workspaces/scanner/src/npmRegistry.ts       | 4 +++-
 workspaces/scanner/src/types.ts             | 1 +
 workspaces/scanner/test/npmRegistry.spec.ts | 2 ++
 4 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/khaki-moons-raise.md

diff --git a/.changeset/khaki-moons-raise.md b/.changeset/khaki-moons-raise.md
new file mode 100644
index 00000000..5dbaea74
--- /dev/null
+++ b/.changeset/khaki-moons-raise.md
@@ -0,0 +1,7 @@
+---
+"@nodesecure/scanner": minor
+---
+
+(Scanner) Implement Packument 'deprecated' property in DependencyVersion
+
+to include the message which come with the property when we detect it
diff --git a/workspaces/scanner/src/npmRegistry.ts b/workspaces/scanner/src/npmRegistry.ts
index 70d6fd73..035cbf49 100644
--- a/workspaces/scanner/src/npmRegistry.ts
+++ b/workspaces/scanner/src/npmRegistry.ts
@@ -76,7 +76,8 @@ export async function packageMetadata(
     };
 
     const isOutdated = semver.neq(version, lastVersion);
-    const flags = dependency.versions[version]!.flags;
+    const dependencyVersion = dependency.versions[version];
+    const flags = dependencyVersion!.flags;
     if (isOutdated) {
       flags.push("isOutdated");
     }
@@ -87,6 +88,7 @@ export async function packageMetadata(
       if (spec === `${ver.name}:${ver.version}`) {
         if ("deprecated" in ver && !flags.includes("isDeprecated")) {
           flags.push("isDeprecated");
+          dependencyVersion.deprecated = ver.deprecated;
         }
 
         metadata.integrity[ver.version] = packageJSONIntegrityHash(
diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts
index 11fa643c..bb16ac3c 100644
--- a/workspaces/scanner/src/types.ts
+++ b/workspaces/scanner/src/types.ts
@@ -111,6 +111,7 @@ export interface DependencyVersion {
    */
   integrity?: string;
   links?: DependencyLinks;
+  deprecated?: string;
 }
 
 export interface Dependency {
diff --git a/workspaces/scanner/test/npmRegistry.spec.ts b/workspaces/scanner/test/npmRegistry.spec.ts
index 6f3ca506..d49cc505 100644
--- a/workspaces/scanner/test/npmRegistry.spec.ts
+++ b/workspaces/scanner/test/npmRegistry.spec.ts
@@ -131,4 +131,6 @@ test("registry.packageMetadata should detect a deprecated package", async() => {
     "isOutdated",
     "isDeprecated"
   ]);
+
+  assert.strictEqual(dependency.versions["2.5.9"].deprecated, "express 2.x series is deprecated");
 });