diff --git a/.npmrc b/.npmrc
index 33cc073d..83ef3961 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,2 +1,4 @@
 package-lock=false
 provenance=true
+save-exact=true
+ignore-scripts=true
diff --git a/package.json b/package.json
index 2b5f345e..a550b893 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,7 @@
     "@nodesecure/npm-registry-sdk": "^4.4.0",
     "@nodesecure/ossf-scorecard-sdk": "^3.2.1",
     "@nodesecure/rc": "^5.0.0",
-    "@nodesecure/report": "^3.0.0",
+    "@nodesecure/report": "4.0.0",
     "@nodesecure/scanner": "^7.1.0",
     "@nodesecure/utils": "^2.2.0",
     "@nodesecure/vulnera": "^2.0.1",
diff --git a/workspaces/server/src/endpoints/report.ts b/workspaces/server/src/endpoints/report.ts
index e50f82c9..9faa8f9c 100644
--- a/workspaces/server/src/endpoints/report.ts
+++ b/workspaces/server/src/endpoints/report.ts
@@ -2,17 +2,18 @@ import fs from "node:fs";
 
 // Import Third-party Dependencies
-import { report } from "@nodesecure/report";
 import send from "@polka/send-type";
-import type { Request, Response } from "express-serve-static-core";
+import { report } from "@nodesecure/report";
 import { appCache } from "@nodesecure/cache";
+import type { Request, Response } from "express-serve-static-core";
+import type { RC } from "@nodesecure/rc";
 
 // Import Internal Dependencies
 import { context } from "../ALS.js";
 import { bodyParser } from "../middlewares/bodyParser.js";
 
 // TODO: provide a non-file-based API on RC side ?
-const kReportPayload = {
+const kReportPayload: Partial = {
   includeTransitiveInternal: false,
   reporters: [
     "pdf"
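Review bot: `ignore-scripts=true` on the last line of the .npmrc hunk silences lifecycle scripts for this repository's own package.json as well as for its dependencies, so a `prepare` or `postinstall` hook the project itself declares would no longer run on `npm install`; worth confirming none is relied on, or invoking it explicitly where it is. Neither new key records its rationale and .npmrc accepts comments, so a one-liner above them would help future readers, e.g. `# supply-chain hardening: pin exact versions, never execute install-time scripts`. Note also that `save-exact=true` only affects how future `npm install <pkg>` invocations are saved; the caret ranges already in package.json stay as they are.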
@@ -46,16 +47,22 @@ const kReportPayload = {
 };
 
 export async function post(req: Request, res: Response) {
-  const body = await bodyParser(req);
+  const body = await bodyParser(req) as {
+    title: string;
+    includesAllDeps: boolean;
+    theme: "light" | "dark";
+  };
   const { title, includesAllDeps, theme } = body;
+
   const { dataFilePath } = context.getStore()!;
   const scannerPayload = dataFilePath ?
     JSON.parse(fs.readFileSync(dataFilePath, "utf-8")) :
     appCache.getPayload((await appCache.payloadsList()).current);
-  const reportPayload = structuredClone(kReportPayload);
+
   const rootDependencyName = scannerPayload.rootDependencyName;
   const [organizationPrefixOrRepo, repo] = rootDependencyName.split("/");
-  Object.assign(reportPayload, {
+  const reportPayload = structuredClone({
+    ...kReportPayload,
     title,
     npm: {
       organizationPrefix: repo === undefined ? null : organizationPrefixOrRepo,
@@ -65,8 +72,14 @@ export async function post(req: Request, res: Response) {
   });
 
   try {
+    const dependencies = includesAllDeps ?
+      scannerPayload.dependencies :
+      {
+        [rootDependencyName]: scannerPayload.dependencies[rootDependencyName]
+      };
+
     const data = await report(
-      includesAllDeps ? scannerPayload.dependencies : { [rootDependencyName]: scannerPayload.dependencies[rootDependencyName] },
+      dependencies,
       reportPayload
     );
 
diff --git a/workspaces/server/src/middlewares/bodyParser.ts b/workspaces/server/src/middlewares/bodyParser.ts
index cbffd063..f8ce6b32 100644
--- a/workspaces/server/src/middlewares/bodyParser.ts
+++ b/workspaces/server/src/middlewares/bodyParser.ts
@@ -7,7 +7,9 @@ import type { Request } from "express-serve-static-core";
  * @param {*} req
  * @returns {Promise}
  */
-export async function bodyParser(req: Request) {
+export async function bodyParser(
+  req: Request
+) {
   let rawBody = "";
   for await (const chunk of req) {
     rawBody += chunk;
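Review bot: The `as { title: string; includesAllDeps: boolean; theme: "light" | "dark" }` assertion on the `bodyParser(req)` result at the top of `post` only tells the compiler what the request body looks like; nothing checks it at runtime, so a body with no `title`, an `includesAllDeps` sent as a string, or an arbitrary `theme` flows straight into `reportPayload` and `report()` with the wrong type. Since this is client-supplied input, a type predicate that narrows `unknown` and a 400 response for anything that does not match is the safer shape (sketch below; `send` is already imported in this file). The body of `post` continues past the hunk.
```typescript
interface ReportBody {
  title: string;
  includesAllDeps: boolean;
  theme: "light" | "dark";
}

function isReportBody(value: unknown): value is ReportBody {
  if (typeof value !== "object" || value === null) {
    return false;
  }
  const candidate = value as Record<string, unknown>;

  return typeof candidate.title === "string" &&
    typeof candidate.includesAllDeps === "boolean" &&
    (candidate.theme === "light" || candidate.theme === "dark");
}

export async function post(req: Request, res: Response) {
  const body: unknown = await bodyParser(req);
  if (!isReportBody(body)) {
    return send(res, 400, { error: "invalid report payload" });
  }
  const { title, includesAllDeps, theme } = body;
  // … unchanged: scannerPayload lookup and reportPayload construction …
```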