feat: initial implementation of worker_threads for JS-X-Ray scan

.changeset/new-steaks-eat.md

@@ -0,0 +1,8 @@
+---
+"@nodesecure/tarball": major
+"@nodesecure/scanner": minor
+"@nodesecure/rc": minor
+"@nodesecure/tree-walker": minor
+---
+
+Implement Node.js worker_threads with a custom Pool to scan packages tarball with JS-X-Ray

.gitignore

@@ -63,7 +63,9 @@ typings/
 *.tsbuildinfo
 
 nsecure-result.json
-temp/
 dist/
+temp/
+temp.ts
 temp.js
 temp.mjs
+.claude

workspaces/conformance/package.json

@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types",
     "spdx:refresh": "node ./scripts/fetchSpdxLicenses.js"

workspaces/contact/package.json

@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "npm run build && tsd && attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },

workspaces/contact/test/ContactExtractor.spec.ts

@@ -1,6 +1,6 @@
 // Import Node.js Dependencies
 import assert from "node:assert";
-import { describe, test } from "node:test";
+import { describe, test, mock } from "node:test";
 import { join } from "node:path";
 import { readFileSync } from "node:fs";
 
@@ -13,6 +13,7 @@ import {
   ContactExtractor,
   type ContactExtractorPackageMetadata
 } from "../src/index.ts";
+import { NsResolver } from "../src/NsResolver.class.ts";
 
 // CONSTANTS
 const kManifestFixturePath = join(import.meta.dirname, "fixtures", "manifest");
@@ -110,10 +111,14 @@ describe("ContactExtractor", () => {
     });
 
     test("Given a Contact with a non-existing email domain, it must be identified as expired", async() => {
+      const mockedGetExpired = mock.method(NsResolver.prototype, "getExpired");
       const extractor = new ContactExtractor({
         highlight: []
       });
       const expiredEmail = "john.doe+test@somenonexistentdomainongoogle9991254874x54x54.com";
+      mockedGetExpired.mock.mockImplementation(
+        () => Promise.resolve([expiredEmail])
+      );
 
       const dependencies: Record<string, ContactExtractorPackageMetadata> = {
         kleur: {
@@ -127,6 +132,7 @@ describe("ContactExtractor", () => {
 
       const { expired } = await extractor.fromDependencies(dependencies);
       assert.deepEqual(expired, [expiredEmail]);
+      mockedGetExpired.mock.restore();
     });
   });
 
@@ -185,22 +191,37 @@ describe("ContactExtractor", () => {
     });
 
     test("Given a manifest with only active emails it shouldn't have any expired email", async() => {
+      const mockedGetExpired = mock.method(
+        NsResolver.prototype,
+        "getExpired",
+        () => Promise.resolve([])
+      );
       const extractor = new ContactExtractor({
         highlight: []
       });
 
       const { expired } = await extractor.fromManifest(kManifest);
       assert.deepEqual(expired, []);
+      mockedGetExpired.mock.restore();
     });
 
     test("Given a Contact with a non-existing email domain, it must be identified as expired", async() => {
       const extractor = new ContactExtractor({
         highlight: []
       });
       const expiredEmail = "john.doe+test@somenonexistentdomainongoogle9991254874x54x54.com";
+      const mockedGetExpired = mock.method(
+        NsResolver.prototype,
+        "getExpired",
+        () => Promise.resolve([expiredEmail])
+      );
 
-      const { expired } = await extractor.fromManifest({ ...kManifest, author: { ...kManifest.author!, email: expiredEmail } });
+      const { expired } = await extractor.fromManifest({
+        ...kManifest,
+        author: { ...kManifest.author!, email: expiredEmail }
+      });
       assert.deepEqual(expired, [expiredEmail]);
+      mockedGetExpired.mock.restore();
     });
   });
 
@@ -270,19 +291,31 @@ describe("ContactExtractor", () => {
     });
 
     test("Given a packument with only active emails it shouldn't have any expired email", async() => {
+      const mockedGetExpired = mock.method(
+        NsResolver.prototype,
+        "getExpired",
+        () => Promise.resolve([])
+      );
+
       const extractor = new ContactExtractor({
         highlight: []
       });
 
       const { expired } = await extractor.fromPackument(kPackument);
       assert.deepEqual(expired, []);
+      mockedGetExpired.mock.restore();
     });
 
     test("Given a Contact with a non-existing email domain, it must be identified as expired", async() => {
       const extractor = new ContactExtractor({
         highlight: []
       });
       const expiredEmail = "john.doe+test@somenonexistentdomainongoogle9991254874x54x54.com";
+      const mockedGetExpired = mock.method(
+        NsResolver.prototype,
+        "getExpired",
+        () => Promise.resolve([expiredEmail])
+      );
       const versions = Object.entries(kPackument.versions)
         .reduce((acc: Record<string, PackumentVersion>, [version, value]) => {
           return {
@@ -294,8 +327,12 @@ describe("ContactExtractor", () => {
           };
         }, {});
 
-      const { expired } = await extractor.fromPackument({ ...kPackument, versions });
+      const { expired } = await extractor.fromPackument({
+        ...kPackument,
+        versions
+      });
       assert.deepEqual(expired, [expiredEmail]);
+      mockedGetExpired.mock.restore();
     });
   });
 });

workspaces/flags/package.json

@@ -5,7 +5,7 @@
   "scripts": {
     "build": "tsc -b & cp -R ./src/flags ./dist/flags",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types",
     "generateFlags": "node scripts/generateFlags.ts"

workspaces/fs-walk/package.json

@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },

workspaces/github/package.json

@@ -8,7 +8,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },

workspaces/gitlab/package.json

@@ -8,7 +8,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },

workspaces/i18n/package.json

@@ -7,7 +7,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types",
     "build:documentation": "node ./scripts/buildDocumentation.ts"

workspaces/mama/package.json

@@ -8,7 +8,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "npm run build && tsd && attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },

workspaces/rc/package.json

@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc -b",
     "prepublishOnly": "npm run build",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "npm run build && tsd && attw --pack . --profile esm-only",
     "test": "c8 -r html npm run test-only && npm run test-types"
   },
@@ -45,7 +45,7 @@
     "ajv": "8.18.0"
   },
   "dependencies": {
-    "@nodesecure/js-x-ray": "14.3.0",
+    "@nodesecure/js-x-ray": "15.0.0",
     "@nodesecure/npm-types": "^1.2.0",
     "@nodesecure/vulnera": "3.1.0",
     "@openally/config": "^1.0.1",

workspaces/scanner/package.json

@@ -22,7 +22,7 @@
     "lint": "eslint src test",
     "prepublishOnly": "npm run build && pkg-ok",
     "test": "c8 -r html npm run test-only && npm run test-types",
-    "test-only": "node --test ./test/**/*.spec.ts",
+    "test-only": "node --test \"./test/**/*.spec.ts\"",
     "test-types": "attw --pack . --profile esm-only"
   },
   "publishConfig": {
@@ -68,7 +68,7 @@
     "@nodesecure/contact": "^3.0.0",
     "@nodesecure/flags": "^3.0.3",
     "@nodesecure/i18n": "^4.1.0",
-    "@nodesecure/js-x-ray": "14.3.0",
+    "@nodesecure/js-x-ray": "15.0.0",
     "@nodesecure/mama": "^2.2.0",
     "@nodesecure/npm-registry-sdk": "4.5.2",
     "@nodesecure/npm-types": "^1.3.0",