vulnera

Make the API work for a given manifest path (or payload).

Open fraxken opened this issue 3 years ago • 4 comments

Vuln is originally designed to work with NodeSecure/scanner. However, I would like to expand the API to allow any third-party code to use this package.

The hydratePayloadDependencies method is very specialized for the Scanner. One of my ideas is to provide a new method that allows launching an analysis on a given manifest (package.json). We could ask for a path or even a manifest payload.

However, all strategies may not work well with this (Node.js Security WG for example). But we can work step by step to provide support and find solutions for those strategies (no need to rush).

fraxken Apr 19 '22 16:04

@mbalabash You might be interested in contributing to this? (I know that last time you were looking for things to contribute to.)

fraxken Apr 23 '22 13:04

Hey! @fraxken I like the idea of this issue, but at the moment I don’t have enough free time to jump into this task.

mbalabash May 02 '22 13:05

Hello @fraxken!

I am available and interested in the subject, I am willing to take the issue 🙂

Mathieuka May 18 '22 15:05

Release v1.7.0 includes the new method (only available for the npm strategy right now). We need to work and analyze how to implement the same for other strategies.

fraxken May 30 '22 17:05

Closing, as today the API has evolved quite a lot and I think today this is quite OK.

fraxken Sep 04 '23 19:09