@vltpkg/security-archive
Classes
SecurityArchive
Defined in: src/security-archive/src/index.ts:100
A database of security information for given packages in a graph.
Using the SecurityArchive.refresh() method will update the local cache with information from the socket.dev APIs or load from the local storage if available. Information about package security is then available using the SecurityArchive.get() method.
Extends
Implements
Constructors
new SecurityArchive()
new SecurityArchive(options): SecurityArchiveDefined in: src/security-archive/src/index.ts:139
Parameters
options
Returns
Overrides
LRUCache<DepID, PackageReportData>.constructorProperties
ok
ok: boolean = falseDefined in: src/security-archive/src/index.ts:112
True if the refresh process was successful and report data is available for all public registry packages in the graph.
Implementation of
Accessors
defaultMax
Get Signature
get static defaultMax(): numberDefined in: src/security-archive/src/index.ts:128
By default, limits to 100K entries in the in-memory archive.
Returns
number
defaultTtl
Get Signature
get static defaultTtl(): numberDefined in: src/security-archive/src/index.ts:135
By default, entries are cached for 3 hours.
Returns
number
Methods
refresh()
refresh(__namedParameters): Promise<void>Defined in: src/security-archive/src/index.ts:341
Starts the security archive by providing a GraphLike instance, its registry-based nodes are going to be used as valid potential entries.
Any entry that is missing from the persisted cached values are going to be requested in a batch-request to the remote socket.dev API.
Parameters
__namedParameters
Returns
Promise<void>
toJSON()
toJSON(): Record<DepID, PackageReportData>Defined in: src/security-archive/src/index.ts:378
Outputs the current in-memory cache as a JSON object.
Returns
Record<DepID,
PackageReportData>
start()
static start(options): Promise<SecurityArchive>Defined in: src/security-archive/src/index.ts:117
Creates a new security archive instance and starts the refresh process.
Parameters
options
OptionsBase<DepID,
PackageReportData, unknown> & object &
SecurityArchiveRefreshOptions
Returns
Promise<SecurityArchive>
Interfaces
SecurityArchiveLike
Defined in: src/security-archive/src/types.ts:24
An interface for interacting with a security archive.
Properties
clear()
clear: () => void;Defined in: src/security-archive/src/types.ts:29
Returns
void
delete()
delete: (depId) => void;Defined in: src/security-archive/src/types.ts:27
Parameters
depId
Returns
void
get()
get: depId => undefined | PackageReportDataDefined in: src/security-archive/src/types.ts:25
Parameters
depId
Returns
undefined | PackageReportData
has()
has: depId => booleanDefined in: src/security-archive/src/types.ts:28
Parameters
depId
Returns
boolean
ok?
optional ok: boolean;Defined in: src/security-archive/src/types.ts:30
set()
set: (depId, data) => void;Defined in: src/security-archive/src/types.ts:26
Parameters
depId
data
Returns
void
Type Aliases
DBReadEntry
type DBReadEntry = objectDefined in: src/security-archive/src/index.ts:34
Type declaration
depID
depID: stringreport
report: stringstart
start: numberttl
ttl: numberDBWriteEntry
type DBWriteEntry = [string, string, number, number]Defined in: src/security-archive/src/index.ts:41
JSONItemResponse
type JSONItemResponse = objectDefined in: src/security-archive/src/index.ts:28
Type declaration
name
name: stringnamespace?
optional namespace: "@{string}";version
version: stringPackageAlert
type PackageAlert = objectDefined in: src/security-archive/src/types.ts:65
A known alert for a given package.
Type declaration
category
category: stringkey
key: stringprops?
optional props: PackageAlertProps;severity
severity: 'low' | 'medium' | 'high' | 'critical'type
type: stringPackageAlertProps
type PackageAlertProps = objectDefined in: src/security-archive/src/types.ts:56
Package alert extra information.
Type declaration
cveId?
optional cveId: `CVE-${string}`;cwes?
optional cwes: object[];lastPublish
lastPublish: stringPackageReportData
type PackageReportData = objectDefined in: src/security-archive/src/types.ts:106
The report data for a given package.
Type declaration
alerts
alerts: PackageAlert[];author
author: string[];id
id: stringlicense
license: stringname
name: stringnamespace?
optional namespace: `@${string}`;score
score: PackageScoresize
size: numbertype
type: 'npm'version
version: stringPackageScore
type PackageScore = objectDefined in: src/security-archive/src/types.ts:76
The scores for a given package
Type declaration
license
license: numberScore factors relating to package licensing (0-1)
maintenance
maintenance: numberScore factors relating to package maintenance (0-1)
overall
overall: numberThe average of all score factors. (0-1)
quality
quality: numberScore factors relating to code quality (0-1)
supplyChain
supplyChain: numberScore factors relating to supply chain security (0-1)
vulnerability
vulnerability: numberScore factors relating to package vulnerabilities (0-1)
SecurityArchiveOptions
type SecurityArchiveOptions = LRUCache.OptionsBase< DepID, PackageReportData, unknown> & objectDefined in: src/security-archive/src/index.ts:43
Type declaration
fetchMethod?
optional fetchMethod: undefined;Security archive does not supports a fetch-on-demand model.
path?
optional path: string;An optional value for the path in which to store the sqlite db.
retries?
optional retries: number;Number of retries attempts to reach the remote security API.
SecurityArchiveRefreshOptions
type SecurityArchiveRefreshOptions = objectDefined in: src/security-archive/src/types.ts:9
Parameter options for initializing a security archive.
Type declaration
graph
graph: GraphLikeA @link{GraphLike} instance to find what packages the security archive should have.
specOptions
specOptions: SpecOptionsA @link{SpecOptions} instance to use for resolving dependencies.
Variables
targetSecurityRegisty
const targetSecurityRegisty: 'https://registry.npmjs.org/' = 'https://registry.npmjs.org/'Defined in: src/security-archive/src/index.ts:26
version
version: stringDefined in: src/security-archive/src/index.ts:85
Functions
asPackageReportData()
function asPackageReportData(o): PackageReportDataDefined in: src/security-archive/src/types.ts:132
Parameters
o
unknown
Returns
asSecurityArchiveLike()
function asSecurityArchiveLike(o): SecurityArchiveLikeDefined in: src/security-archive/src/types.ts:44
Parameters
o
unknown
Returns
isPackageReportData()
function isPackageReportData(o): o is PackageReportDataDefined in: src/security-archive/src/types.ts:119
Parameters
o
unknown
Returns
o is PackageReportData
isSecurityArchiveLike()
function isSecurityArchiveLike(o): o is SecurityArchiveLikeDefined in: src/security-archive/src/types.ts:33
Parameters
o
unknown
Returns
o is SecurityArchiveLike