
Implement scanner extraction probes in CLI, Report and CI

Open fraxken opened this issue 1 year ago • 1 comments

A lot of our tools, such as the CLI, CI, and Report, rely on JSON payloads generated by the Scanner (via from/cwd APIs) to extract data, such as:

  • [x] Contacts (author, maintainers, publishers)
  • [x] Licenses
  • [x] Size (tarball)
  • [x] Flags
  • [x] Files and dependencies (e.g., extensions, usage of Node.js core libs)
  • [x] Warnings
  • [x] Vulnerabilities

Here are examples from our projects:

There are likely a few other places where we have similar needs. If you spot any, please don't hesitate to comment.

One of the constraints in many of these projects is performance. Iterating over the entire payload multiple times can be quite costly. So we somewhat need to find an API design that matches that need.

fraxken avatar Aug 18 '24 15:08 fraxken
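
One way to meet the single-iteration constraint raised in the issue above, shown as an added example that is not NodeSecure's code or API: the payload shape, the probe names and the `extract` function are assumptions made for illustration, and the sample payload is constructed.

```javascript
// Constructed sample payload; a simplified, assumed shape, not the real Scanner schema.
const samplePayload = {
  dependencies: {
    "pkg-a": {
      versions: {
        "1.0.0": { size: 1200, licenses: ["MIT"], flags: ["hasWarnings"],
          warnings: [{ kind: "unsafe-regex" }] },
        "1.1.0": { size: 1500, licenses: ["MIT"], flags: [], warnings: [] }
      }
    },
    "pkg-b": {
      versions: {
        "2.0.0": { size: 800, licenses: ["ISC", "MIT"], flags: ["hasManyPublishers"],
          warnings: [{ kind: "obfuscated-code" }, { kind: "unsafe-regex" }] }
      }
    }
  }
};

// Hypothetical probes: each one sees every package version once via next()
// and hands back its aggregated result from done().
const sizeProbe = () => {
  let total = 0;
  return { name: "size", next(v) { total += v.size ?? 0; }, done: () => total };
};
const licensesProbe = () => {
  const ids = new Set();
  return { name: "licenses", next(v) { for (const id of v.licenses ?? []) ids.add(id); },
    done: () => [...ids].sort() };
};
const warningsProbe = () => {
  const byKind = {};
  return { name: "warnings",
    next(v) { for (const w of v.warnings ?? []) byKind[w.kind] = (byKind[w.kind] ?? 0) + 1; },
    done: () => byKind };
};
const flagsProbe = () => {
  const flagged = [];
  return { name: "flags", next(v, spec) { if ((v.flags ?? []).length > 0) flagged.push(spec); },
    done: () => flagged };
};

// Walks the payload a single time, however many probes are registered.
function extract(payload, probes) {
  let visited = 0;
  for (const [name, dependency] of Object.entries(payload.dependencies ?? {})) {
    for (const [version, data] of Object.entries(dependency.versions ?? {})) {
      visited++;
      for (const probe of probes) probe.next(data, `${name}@${version}`);
    }
  }
  return Object.fromEntries([["visited", visited], ...probes.map((p) => [p.name, p.done()])]);
}
```

Adding another extraction means registering one more probe; the number of package versions visited stays the same.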

PR in report for initial implementation of extractors: https://github.com/NodeSecure/report/pull/457

fraxken avatar Jun 13 '25 16:06 fraxken

I take this one.

ErwanRaulo avatar Nov 09 '25 08:11 ErwanRaulo