diff --git a/.changeset/gold-parks-clean.md b/.changeset/gold-parks-clean.md
new file mode 100644
index 00000000..c14a02e5
--- /dev/null
+++ b/.changeset/gold-parks-clean.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": minor
+---
+
+Enhance warnings extractor by adding unique kinds & refactoring response
diff --git a/package-lock.json b/package-lock.json
index fc2c8032..95b8a95d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6797,6 +6797,8 @@ }, "node_modules/frequency-set": { "version": "1.0.2", + "resolved": "https://registry.npmjs.org/frequency-set/-/frequency-set-1.0.2.tgz", + "integrity": "sha512-Qip6vS0fY/et08sZXumws05weoYvj2ZLkBq3xIwFDFLg8v5IMQiRa+P30tXL0CU6DiYUPLuN3HyRcwW6yWPdeA==", "license": "MIT" }, "node_modules/fs-extra": {
@@ -11369,6 +11371,7 @@ "@nodesecure/tree-walker": "^1.2.0", "@nodesecure/vulnera": "^2.0.1", "@openally/mutex": "^1.0.0", + "frequency-set": "^1.0.2", "pacote": "^21.0.0", "semver": "^7.5.4", "type-fest": "^4.41.0"
diff --git a/workspaces/scanner/package.json b/workspaces/scanner/package.json
index 96a65a27..335fad77 100644
--- a/workspaces/scanner/package.json
+++ b/workspaces/scanner/package.json
@@ -62,6 +62,7 @@
 "@nodesecure/tree-walker": "^1.2.0",
 "@nodesecure/vulnera": "^2.0.1",
 "@openally/mutex": "^1.0.0",
+ "frequency-set": "^1.0.2",
 "pacote": "^21.0.0",
 "semver": "^7.5.4",
 "type-fest": "^4.41.0"
diff --git a/workspaces/scanner/src/extractors/probes/WarningsExtractor.class.ts b/workspaces/scanner/src/extractors/probes/WarningsExtractor.class.ts
index 1f5c6406..21df64dc 100644
--- a/workspaces/scanner/src/extractors/probes/WarningsExtractor.class.ts
+++ b/workspaces/scanner/src/extractors/probes/WarningsExtractor.class.ts
@@ -1,5 +1,10 @@ // Import Third-party Dependencies -import type { WarningDefault, Warning } from "@nodesecure/js-x-ray"; +import type { + WarningDefault, + Warning, + WarningName +} from "@nodesecure/js-x-ray"; +import FrequencySet from "frequency-set"; // Import Internal Dependencies import type { @@ -9,8 +14,11 @@ import type { import type { DependencyVersion } from "../../types.js"; export type WarningsExtractorResult = { - warnings: Record[]>; - count: number; + warnings: { + count: number; + groups: Record[]>; + uniqueKinds: Record; + }; }; export interface WarningsExtractorOptions { @@ -24,6 +32,7 @@ export class WarningsExtractor implements ManifestProbeExtractor[]> = Object.create(null); + #uniqueKinds = new FrequencySet(); #count = 0; #useSpecAsKey: boolean; @@ -48,6 +57,10 @@ export class WarningsExtractor implements ManifestProbeExtractor warn.kind) + .forEach((kind) => this.#uniqueKinds.add(kind)); + if (key in this.#warnings) { this.#warnings[key].push(...warnings); } @@ -58,8 +71,11 @@ export class WarningsExtractor implements ManifestProbeExtractor { ); const { - count, warnings } = extractor.extractAndMerge(); - assert.strictEqual(count, 3); - const keys = Object.keys(warnings); + assert.strictEqual(warnings.count, 3); + const keys = Object.keys(warnings.groups); assert.deepEqual(keys, ["strnum@1.1.2"]); - const kinds = warnings["strnum@1.1.2"].map((warning) => warning.kind); - assert.deepEqual(kinds, ["unsafe-regex", "unsafe-regex", "encoded-literal"]); + assert.deepEqual( + warnings.groups["strnum@1.1.2"].map((warning) => warning.kind), + ["unsafe-regex", "unsafe-regex", "encoded-literal"] + ); + assert.deepEqual( + warnings.uniqueKinds, + { + "unsafe-regex": 2, + "encoded-literal": 1 + } + ); }); it("should extract strnum warnings with options useSpecAsKey: false", () => { 
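Review bot: The `import FrequencySet from "frequency-set";` line added in the `@@ -1,5 +1,10 @@` hunk of WarningsExtractor.class.ts (with the matching `"frequency-set": "^1.0.2"` entry in workspaces/scanner/package.json) puts a new runtime package into the install tree of a security scanner, while the visible code uses it only as a per-kind counter (`new FrequencySet()` and `.add(kind)`). A private `Map` updated in place, `this.#uniqueKinds.set(kind, (this.#uniqueKinds.get(kind) ?? 0) + 1);`, would cover that usage with no added supply-chain surface. How `extractAndMerge` turns the set into the `uniqueKinds` object is not visible in this view, so that conversion would have to change with it. If the dependency stays, a one-line comment on the `#uniqueKinds` field saying why the package was preferred would help the next reviewer.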
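Review bot: `WarningsExtractorResult` changes shape in the `@@ -9,8 +14,11 @@` hunk: `count` moves from the top level to `warnings.count` and the per-package map moves to `warnings.groups`, so a consumer that reads `result.count` or iterates `result.warnings` stops working, as the test rewrites in this same commit show. The changeset declares the release as `minor`; unless the package's versioning policy covers that, the changeset should say the response shape is breaking. The new `uniqueKinds` field also has no doc comment and its name reads like a set, whereas the updated test expects a kind-to-count object (`"unsafe-regex": 2`); I would add `/** Number of occurrences of each warning kind, across all groups */` above it.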
@@ -162,12 +170,11 @@ describe("Extractors.Probes", () => { ); const { - count, warnings } = extractor.extractAndMerge(); - assert.strictEqual(count, 3); - const keys = Object.keys(warnings); + assert.strictEqual(warnings.count, 3); + const keys = Object.keys(warnings.groups); assert.deepEqual(keys, ["strnum"]); }); });