@vltpkg/security-archive
Classes
SecurityArchive
Defined in: src/security-archive/src/index.ts:100
A database of security information for given packages in a graph.
Calling SecurityArchive.refresh() updates the local cache with information from the socket.dev APIs, or loads it from local storage when available. Security information for a package is then available through SecurityArchive.get().
Extends
LRUCache<DepID, PackageReportData>
Implements
SecurityArchiveLike
Constructors
new SecurityArchive()
new SecurityArchive(options): SecurityArchive
Defined in: src/security-archive/src/index.ts:139
Parameters
options
Returns
SecurityArchive
Overrides
LRUCache<DepID, PackageReportData>.constructor
Properties
ok
ok: boolean = false
Defined in: src/security-archive/src/index.ts:112
True if the refresh process was successful and report data is available for all public registry packages in the graph.
Implementation of
SecurityArchiveLike.ok
Accessors
defaultMax
Get Signature
get static defaultMax(): number
Defined in: src/security-archive/src/index.ts:128
By default, limits to 100K entries in the in-memory archive.
Returns
number
defaultTtl
Get Signature
get static defaultTtl(): number
Defined in: src/security-archive/src/index.ts:135
By default, entries are cached for 3 hours.
Returns
number
Methods
refresh()
refresh(__namedParameters): Promise<void>
Defined in: src/security-archive/src/index.ts:341
Starts the security archive from a GraphLike instance; its registry-based nodes are used as the valid potential entries.
Any entry that is missing from the persisted cached values is requested in a single batch request to the remote socket.dev API.
Parameters
__namedParameters
SecurityArchiveRefreshOptions
Returns
Promise<void>
toJSON()
toJSON(): Record<DepID, PackageReportData>
Defined in: src/security-archive/src/index.ts:378
Outputs the current in-memory cache as a JSON object.
Returns
Record<DepID, PackageReportData>
start()
static start(options): Promise<SecurityArchive>
Defined in: src/security-archive/src/index.ts:117
Creates a new security archive instance and starts the refresh process.
Parameters
options
OptionsBase<DepID, PackageReportData, unknown> & object & SecurityArchiveRefreshOptions
Returns
Promise<SecurityArchive>
Interfaces
SecurityArchiveLike
Defined in: src/security-archive/src/types.ts:24
An interface for interacting with a security archive.
Properties
clear()
clear: () => void;
Defined in: src/security-archive/src/types.ts:29
Returns
void
delete()
delete: (depId) => void;
Defined in: src/security-archive/src/types.ts:27
Parameters
depId
DepID
Returns
void
get()
get: depId => undefined | PackageReportData
Defined in: src/security-archive/src/types.ts:25
Parameters
depId
DepID
Returns
undefined | PackageReportData
has()
has: depId => boolean
Defined in: src/security-archive/src/types.ts:28
Parameters
depId
DepID
Returns
boolean
ok?
optional ok: boolean;
Defined in: src/security-archive/src/types.ts:30
set()
set: (depId, data) => void;
Defined in: src/security-archive/src/types.ts:26
Parameters
depId
DepID
data
PackageReportData
Returns
void
Type Aliases
DBReadEntry
type DBReadEntry = object
Defined in: src/security-archive/src/index.ts:34
Type declaration
depID
depID: string
report
report: string
start
start: number
ttl
ttl: number
DBWriteEntry
type DBWriteEntry = [string, string, number, number]
Defined in: src/security-archive/src/index.ts:41
JSONItemResponse
type JSONItemResponse = object
Defined in: src/security-archive/src/index.ts:28
Type declaration
name
name: string
namespace?
optional namespace: `@${string}`;
version
version: string
PackageAlert
type PackageAlert = object
Defined in: src/security-archive/src/types.ts:65
A known alert for a given package.
Type declaration
category
category: string
key
key: string
props?
optional props: PackageAlertProps;
severity
severity: 'low' | 'medium' | 'high' | 'critical'
type
type: string
PackageAlertProps
type PackageAlertProps = object
Defined in: src/security-archive/src/types.ts:56
Package alert extra information.
Type declaration
cveId?
optional cveId: `CVE-${string}`;
cwes?
optional cwes: object[];
lastPublish
lastPublish: string
PackageReportData
type PackageReportData = object
Defined in: src/security-archive/src/types.ts:106
The report data for a given package.
Type declaration
alerts
alerts: PackageAlert[];
author
author: string[];
id
id: string
license
license: string
name
name: string
namespace?
optional namespace: `@${string}`;
score
score: PackageScore
size
size: number
type
type: 'npm'
version
version: string
PackageScore
type PackageScore = object
Defined in: src/security-archive/src/types.ts:76
The scores for a given package. Each factor is a number in the range 0-1, where 1 is best.
Type declaration
license
license: number
Score factors relating to package licensing (0-1)
maintenance
maintenance: number
Score factors relating to package maintenance (0-1)
overall
overall: number
The average of all score factors. (0-1)
quality
quality: number
Score factors relating to code quality (0-1)
supplyChain
supplyChain: number
Score factors relating to supply chain security (0-1)
vulnerability
vulnerability: number
Score factors relating to package vulnerabilities (0-1)
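The following is an added example, not code from @vltpkg/security-archive: it runs a simple triage policy over the Record<DepID, PackageReportData> that SecurityArchive.toJSON() returns, flagging packages with high or critical alerts (with the CVE id when props.cveId is set) or a supplyChain score below a threshold. The local type declarations mirror the PackageReportData, PackageAlert and PackageScore shapes documented on this page; the threshold, the finding shape and the sample archive are assumptions.

```typescript
// Added example; these types mirror the shapes on this page (assumption).
type DepID = string
type PackageAlert = {
  category: string
  key: string
  props?: { cveId?: `CVE-${string}`; cwes?: object[]; lastPublish: string }
  severity: 'low' | 'medium' | 'high' | 'critical'
  type: string
}
type PackageScore = {
  license: number; maintenance: number; overall: number
  quality: number; supplyChain: number; vulnerability: number
}
type PackageReportData = {
  alerts: PackageAlert[]; author: string[]; id: string; license: string
  name: string; namespace?: `@${string}`; score: PackageScore
  size: number; type: 'npm'; version: string
}
type Finding = { depId: DepID; pkg: string; reasons: string[] }

// Walk a toJSON()-style archive and collect the reasons each package fails
// the policy. Packages with no reasons are not reported.
function triage(archive: Record<DepID, PackageReportData>, minSupplyChain = 0.5): Finding[] {
  const findings: Finding[] = []
  for (const [depId, r] of Object.entries(archive)) {
    const reasons: string[] = []
    for (const a of r.alerts) {
      if (a.severity !== 'high' && a.severity !== 'critical') continue
      const cve = a.props?.cveId ? ` (${a.props.cveId})` : ''
      reasons.push(`${a.severity} alert ${a.type}${cve}`)
    }
    if (r.score.supplyChain < minSupplyChain)
      reasons.push(`supplyChain score ${r.score.supplyChain} below ${minSupplyChain}`)
    if (reasons.length === 0) continue
    const pkg = `${r.namespace ? r.namespace + '/' : ''}${r.name}@${r.version}`
    findings.push({ depId, pkg, reasons })
  }
  return findings
}

// Constructed sample archive: one clean package, one with a critical CVE alert and a
// weak supply-chain score, one with only a weak supply-chain score. Keys are made up.
const okScore: PackageScore = { license: 1, maintenance: 0.9, overall: 0.9, quality: 0.9, supplyChain: 0.9, vulnerability: 1 }
const SAMPLE: Record<DepID, PackageReportData> = {
  'dep-a': { alerts: [], author: ['x'], id: 'a', license: 'MIT', name: 'clean-lib', score: okScore, size: 100, type: 'npm', version: '1.0.0' },
  'dep-b': { alerts: [{ category: 'vulnerability', key: 'k1', props: { cveId: 'CVE-0000-00000', lastPublish: '2024-01-01' }, severity: 'critical', type: 'cve' }],
    author: ['y'], id: 'b', license: 'MIT', name: 'widget', namespace: '@acme', score: { ...okScore, supplyChain: 0.3 }, size: 2000, type: 'npm', version: '2.0.0' },
  'dep-c': { alerts: [{ category: 'quality', key: 'k2', severity: 'low', type: 'deprecated' }], author: ['z'], id: 'c', license: 'ISC', name: 'old-lib', score: { ...okScore, supplyChain: 0.4 }, size: 50, type: 'npm', version: '0.1.0' },
}
```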
SecurityArchiveOptions
type SecurityArchiveOptions = LRUCache.OptionsBase< DepID, PackageReportData, unknown> & object
Defined in: src/security-archive/src/index.ts:43
Type declaration
fetchMethod?
optional fetchMethod: undefined;
The security archive does not support a fetch-on-demand model.
path?
optional path: string;
An optional path at which to store the sqlite database.
retries?
optional retries: number;
Number of retry attempts when reaching the remote security API.
SecurityArchiveRefreshOptions
type SecurityArchiveRefreshOptions = object
Defined in: src/security-archive/src/types.ts:9
Parameter options for initializing a security archive.
Type declaration
graph
graph: GraphLike
A {@link GraphLike} instance used to find which packages the security archive should hold.
specOptions
specOptions: SpecOptions
A {@link SpecOptions} instance to use for resolving dependencies.
Variables
targetSecurityRegisty
const targetSecurityRegisty: 'https://registry.npmjs.org/' = 'https://registry.npmjs.org/'
Defined in: src/security-archive/src/index.ts:26
version
version: string
Defined in: src/security-archive/src/index.ts:85
Functions
asPackageReportData()
function asPackageReportData(o): PackageReportData
Defined in: src/security-archive/src/types.ts:132
Parameters
o
unknown
Returns
PackageReportData
asSecurityArchiveLike()
function asSecurityArchiveLike(o): SecurityArchiveLike
Defined in: src/security-archive/src/types.ts:44
Parameters
o
unknown
Returns
SecurityArchiveLike
isPackageReportData()
function isPackageReportData(o): o is PackageReportData
Defined in: src/security-archive/src/types.ts:119
Parameters
o
unknown
Returns
o is PackageReportData
isSecurityArchiveLike()
function isSecurityArchiveLike(o): o is SecurityArchiveLike
Defined in: src/security-archive/src/types.ts:33
Parameters
o
unknown
Returns
o is SecurityArchiveLike