Implement scanner extraction probes in CLI, Report and CI
A lot of our tools, such as the CLI, CI, and Report, rely on JSON payloads generated by the Scanner (via from/cwd APIs) to extract data, such as:
- [x] Contacts (author, maintainers, publishers)
- [x] Licenses
- [x] Size (tarball)
- [x] Flags
- [x] Files and dependencies (e.g., extensions, usage of Node.js core libs)
- [x] Warnings
- [x] Vulnerabilities
Here are examples from our projects:
- [x] Report: extractScannerData.js
- [x] CI: extract.ts
- [ ] Vis-network (CLI/WebUI): dataset.js
There are likely a few other places where we have similar needs. If you spot any, please don't hesitate to comment.
One of the constraints in many of these projects is performance. Iterating over the entire payload multiple times can be quite costly. So we somewhat need to find an API design that matches that need.
PR in report for initial implementation of extractors: https://github.com/NodeSecure/report/pull/457
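One possible shape for such an API, added here as an illustration and not code from NodeSecure: each probe accumulates its own result while `extract` walks the payload once, so adding a probe does not add another pass. The payload shape, the probe hooks (`onPackage`, `onVersion`, `done`) and all function names are assumptions.

```javascript
// Constructed sample, simplified assumed shape; "pkg-b" lacks metadata, size, license.
const samplePayload = {
  dependencies: {
    "pkg-a": {
      metadata: { author: { name: "alice" }, maintainers: [{ name: "bob" }] },
      versions: {
        "1.0.0": { size: 1200, license: "MIT", flags: ["hasWarnings"] },
        "2.0.0": { size: 800, license: "MIT", flags: [] }
      }
    },
    "pkg-b": { versions: { "0.1.0": { flags: ["isDeprecated", "hasWarnings"] } } }
  }
};
// Hypothetical probe shape: optional onPackage/onVersion hooks, plus done().
function counterProbe(name, pick) {
  const counts = new Map();
  return {
    name,
    onVersion(spec) { for (const k of pick(spec)) counts.set(k, (counts.get(k) ?? 0) + 1); },
    done: () => Object.fromEntries(counts)
  };
}
const licenses = () => counterProbe("licenses", (s) => [s.license ?? "unknown"]);
const flags = () => counterProbe("flags", (s) => s.flags ?? []);
function size() {
  let total = 0;
  return { name: "size", onVersion(s) { total += s.size ?? 0; }, done: () => total };
}
function contacts() {
  const names = new Set();
  return {
    name: "contacts",
    onPackage(dep) {
      const { author, maintainers = [] } = dep.metadata ?? {};
      for (const c of [author, ...maintainers]) if (c?.name) names.add(c.name);
    },
    done: () => [...names].sort()
  };
}

// Walks the payload exactly once and fans every node out to all probes.
function extract(payload, probes) {
  for (const dep of Object.values(payload.dependencies ?? {})) {
    for (const p of probes) p.onPackage?.(dep);
    for (const spec of Object.values(dep.versions ?? {}))
      for (const p of probes) p.onVersion?.(spec);
  }
  return Object.fromEntries(probes.map((p) => [p.name, p.done()]));
}
```

Calling `extract(samplePayload, [licenses(), flags(), size(), contacts()])` returns all four results from one traversal.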
I take this one.