@nodesecure/tarball
TypeScript icon, indicating that this package has built-in type declarations

1.0.0 • Public • Published

@nodesecure/tarball

Utilities to extract and deeply analyze NPM tarball

Requirements

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/tarball
# or
$ yarn add @nodesecure/tarball

Usage example

import * as tarball from "@nodesecure/tarball";

const scanResult = await tarball.scanPackage(
  process.cwd()
);
console.log(scanResult);

[!NOTE] This package has been designed to be used by the Scanner package/workspace.

API

scanDirOrArchive

Method created for Scanner (to be refactored soon)

export interface scanDirOrArchiveOptions {
  ref: DependencyRef;
  location?: string;
  tmpLocation?: null | string;
  locker: Locker;
  registry: string;
}

scanPackage(dest: string, packageName?: string): Promise< ScannedPackageResult >

Scan a given tarball archive or a local project.

interface ScannedPackageResult {
  files: {
    /** Complete list of files for the given package */
    list: string[];
    /** Complete list of extensions (.js, .md etc.) */
    extensions: string[];
    /** List of minified javascript files */
    minified: string[];
  };
  /** Size of the directory in bytes */
  directorySize: number;
  /** Unique license contained in the tarball (MIT, ISC ..) */
  uniqueLicenseIds: string[];
  /** All licenses with their SPDX */
  licenses: ntlp.SpdxLicenseConformance[];
  ast: {
    dependencies: Record<string, Record<string, Dependency>>;
    warnings: Warning[];
  };
}

License

MIT

Readme

Keywords

Package Sidebar

Install

npm i @nodesecure/tarball

Weekly Downloads

19

Version

1.0.0

License

MIT

Unpacked Size

56.1 kB

Total Files

66

Last publish

Collaborators

  • pierred
  • antoine-coulon
  • kawacrepe
  • fraxken
  • tonygo