@vltpkg/security-archive

Classes

SecurityArchive

Defined in: src/security-archive/src/index.ts:101

A database of security information for given packages in a graph.

Using the SecurityArchive.refresh() method will update the local cache with information from the socket.dev APIs or load from the local storage if available. Information about package security is then available using the SecurityArchive.get() method.

Extends

LRUCache<DepID, PackageReportData>

Implements

SecurityArchiveLike

Constructors

new SecurityArchive()

new SecurityArchive(options): SecurityArchive

Defined in: src/security-archive/src/index.ts:141

Parameters

options

SecurityArchiveOptions = {}

Returns

SecurityArchive

Overrides

LRUCache<DepID, PackageReportData>.constructor

Properties

ok

ok: boolean = false

Defined in: src/security-archive/src/index.ts:114

True if the refresh process was successful and report data is available for all public registry packages in the graph.

Implementation of

SecurityArchiveLike.ok

Accessors

defaultMax

Get Signature

get static defaultMax(): number

Defined in: src/security-archive/src/index.ts:130

By default, limits to 100K entries in the in-memory archive.

Returns

number

defaultTtl

Get Signature

get static defaultTtl(): number

Defined in: src/security-archive/src/index.ts:137

By default, entries are cached for 3 hours.

Returns

number

Methods

refresh()

refresh(__namedParameters): Promise<void>

Defined in: src/security-archive/src/index.ts:385

Starts the security archive by providing a GraphLike instance, its registry-based nodes are going to be used as valid potential entries.

Any entry that is missing from the persisted cached values are going to be requested in a batch-request to the remote socket.dev API.

Parameters

__namedParameters

SecurityArchiveRefreshOptions

Returns

Promise<void>

toJSON()

toJSON(): Record<DepID, PackageReportData>

Defined in: src/security-archive/src/index.ts:438

Outputs the current in-memory cache as a JSON object.

Returns

Record<DepID, PackageReportData>

start()

static start(options): Promise<SecurityArchive>

Defined in: src/security-archive/src/index.ts:119

Creates a new security archive instance and starts the refresh process.

Parameters

options

OptionsBase<DepID, PackageReportData, unknown> & object & SecurityArchiveRefreshOptions

Returns

Promise<SecurityArchive>

Interfaces

SecurityArchiveLike

Defined in: src/security-archive/src/types.ts:24

An interface for interacting with a security archive.

Properties

clear()

clear: () => void;

Defined in: src/security-archive/src/types.ts:29

Returns

void

delete()

delete: (depId) => void;

Defined in: src/security-archive/src/types.ts:27

Parameters

depId

DepID

Returns

void

get()

get: depId => undefined | PackageReportData

Defined in: src/security-archive/src/types.ts:25

Parameters

depId

DepID

Returns

undefined | PackageReportData

has()

has: depId => boolean

Defined in: src/security-archive/src/types.ts:28

Parameters

depId

DepID

Returns

boolean

ok?

optional ok: boolean;

Defined in: src/security-archive/src/types.ts:30

set()

set: (depId, data) => void;

Defined in: src/security-archive/src/types.ts:26

Parameters

depId

DepID

data

PackageReportData

Returns

void

Type Aliases

DBReadEntry

type DBReadEntry = object

Defined in: src/security-archive/src/index.ts:34

Type declaration

depID

depID: string

now

now: number

report

report: string

start

start: number

ttl

ttl: number

DBWriteEntry

type DBWriteEntry = [string, string, number, number]

Defined in: src/security-archive/src/index.ts:42

JSONItemResponse

type JSONItemResponse = object

Defined in: src/security-archive/src/index.ts:28

Type declaration

name

name: string

namespace?

optional namespace: "@{string}";

version

version: string

PackageAlert

type PackageAlert = object

Defined in: src/security-archive/src/types.ts:65

A known alert for a given package.

Type declaration

key

key: string

props?

optional props: PackageAlertProps;

severity

severity: 'low' | 'medium' | 'high' | 'critical'

type

type: string

PackageAlertProps

type PackageAlertProps = object

Defined in: src/security-archive/src/types.ts:56

Package alert extra information.

Type declaration

cveId?

optional cveId: `CVE-${string}`;

cwes?

optional cwes: object[];

lastPublish

lastPublish: string

PackageReportData

type PackageReportData = object

Defined in: src/security-archive/src/types.ts:106

The report data for a given package.

Type declaration

alerts

alerts: PackageAlert[];

author

author: string[];

id

id: string

license

license: string

name

name: string

namespace?

optional namespace: `@${string}`;

score

score: PackageScore

size

size: number

type

type: 'npm'

version

version: string

PackageScore

type PackageScore = object

Defined in: src/security-archive/src/types.ts:76

The scores for a given package

Type declaration

license

license: number

Score factors relating to package licensing (0-1)

maintenance

maintenance: number

Score factors relating to package maintenance (0-1)

overall

overall: number

The average of all score factors. (0-1)

quality

quality: number

Score factors relating to code quality (0-1)

supplyChain

supplyChain: number

Score factors relating to supply chain security (0-1)

vulnerability

vulnerability: number

Score factors relating to package vulnerabilities (0-1)

SecurityArchiveOptions

type SecurityArchiveOptions = LRUCache.OptionsBase<
  DepID,
  PackageReportData,
  unknown
> &
  object

Defined in: src/security-archive/src/index.ts:44

Type declaration

fetchMethod?

optional fetchMethod: undefined;

Security archive does not supports a fetch-on-demand model.

path?

optional path: string;

An optional value for the path in which to store the sqlite db.

retries?

optional retries: number;

Number of retries attempts to reach the remote security API.

SecurityArchiveRefreshOptions

type SecurityArchiveRefreshOptions = object

Defined in: src/security-archive/src/types.ts:9

Parameter options for initializing a security archive.

Type declaration

graph

graph: GraphLike

A @link{GraphLike} instance to find what packages the security archive should have.

specOptions

specOptions: SpecOptions

A @link{SpecOptions} instance to use for resolving dependencies.

Variables

targetSecurityRegisty

const targetSecurityRegisty: 'https://registry.npmjs.org/' =
  'https://registry.npmjs.org/'

Defined in: src/security-archive/src/index.ts:26

version

version: string

Defined in: src/security-archive/src/index.ts:86

Functions

asPackageReportData()

function asPackageReportData(o): PackageReportData

Defined in: src/security-archive/src/types.ts:132

Parameters

o

unknown

Returns

PackageReportData

asSecurityArchiveLike()

function asSecurityArchiveLike(o): SecurityArchiveLike

Defined in: src/security-archive/src/types.ts:44

Parameters

o

unknown

Returns

SecurityArchiveLike

isPackageReportData()

function isPackageReportData(o): o is PackageReportData

Defined in: src/security-archive/src/types.ts:119

Parameters

o

unknown

Returns

o is PackageReportData

isSecurityArchiveLike()

function isSecurityArchiveLike(o): o is SecurityArchiveLike

Defined in: src/security-archive/src/types.ts:33

Parameters

o

unknown

Returns

o is SecurityArchiveLike

On this page

@vltpkg/security-archive

Classes

SecurityArchive

Extends

Implements

Constructors

new SecurityArchive()

Parameters

options

Returns

Overrides

Properties

ok

Implementation of

Accessors

defaultMax

Get Signature

Returns

defaultTtl

Get Signature

Returns

Methods

refresh()

Parameters

__namedParameters

Returns

toJSON()

Returns

start()

Parameters

options

Returns

Interfaces

SecurityArchiveLike

Properties

clear()

Returns

delete()

Parameters

depId

Returns

get()

Parameters

depId

Returns

has()

Parameters

depId

Returns

ok?

set()

Parameters

depId

data

Returns

Type Aliases

DBReadEntry

Type declaration

depID

now

report

start

ttl

DBWriteEntry

JSONItemResponse

Type declaration

name

namespace?

version

PackageAlert

Type declaration

category

key

props?

severity

type

PackageAlertProps

Type declaration

cveId?