@vltpkg/security-archive
Classes
SecurityArchive
Defined in: src/security-archive/src/index.ts:98
A database of security information for given packages in a graph.
Using the SecurityArchive.refresh() method will update the local cache with information from the socket.dev APIs or load from the local storage if available. Information about package security is then available using the SecurityArchive.get() method.
Extends
Implements
Constructors
new SecurityArchive()
new SecurityArchive(options): SecurityArchiveDefined in: src/security-archive/src/index.ts:137
Parameters
options
Returns
Overrides
LRUCache<DepID, PackageReportData>.constructorProperties
ok
ok: boolean = falseDefined in: src/security-archive/src/index.ts:110
True if the refresh process was successful and report data is available for all public registry packages in the graph.
Accessors
defaultMax
Get Signature
get static defaultMax(): numberDefined in: src/security-archive/src/index.ts:126
By default, limits to 100K entries in the in-memory archive.
Returns
number
defaultTtl
Get Signature
get static defaultTtl(): numberDefined in: src/security-archive/src/index.ts:133
By default, entries are cached for 3 hours.
Returns
number
Methods
refresh()
refresh(__namedParameters): Promise<void>Defined in: src/security-archive/src/index.ts:338
Starts the security archive by providing a GraphLike instance, its registry-based nodes are going to be used as valid potential entries.
Any entry that is missing from the persisted cached values are going to be requested in a batch-request to the remote socket.dev API.
Parameters
__namedParameters
Returns
Promise<void>
toJSON()
toJSON(): | undefined| Record<DepID, PackageReportData>Defined in: src/security-archive/src/index.ts:375
Outputs the current in-memory cache as a JSON object.
Returns
| undefined |
Record<DepID,
PackageReportData>
start()
static start(options): Promise<SecurityArchive>Defined in: src/security-archive/src/index.ts:115
Creates a new security archive instance and starts the refresh process.
Parameters
options
OptionsBase<DepID,
PackageReportData, unknown> & object &
SecurityArchiveRefreshOptions
Returns
Promise<SecurityArchive>
Interfaces
SecurityArchiveLike
Defined in: src/security-archive/src/types.ts:24
An interface for interacting with a security archive.
Properties
clear()
clear: () => void;Defined in: src/security-archive/src/types.ts:29
Returns
void
delete()
delete: (depId) => void;Defined in: src/security-archive/src/types.ts:27
Parameters
depId
Returns
void
get()
get: depId => undefined | PackageReportDataDefined in: src/security-archive/src/types.ts:25
Parameters
depId
Returns
undefined | PackageReportData
has()
has: depId => booleanDefined in: src/security-archive/src/types.ts:28
Parameters
depId
Returns
boolean
set()
set: (depId, data) => void;Defined in: src/security-archive/src/types.ts:26
Parameters
depId
data
Returns
void
Type Aliases
DBReadEntry
type DBReadEntry = objectDefined in: src/security-archive/src/index.ts:32
Type declaration
depID
depID: stringreport
report: stringstart
start: numberttl
ttl: numberDBWriteEntry
type DBWriteEntry = [string, string, number, number]Defined in: src/security-archive/src/index.ts:39
JSONItemResponse
type JSONItemResponse = objectDefined in: src/security-archive/src/index.ts:26
Type declaration
name
name: stringnamespace?
optional namespace: "@{string}";version
version: stringPackageAlert
type PackageAlert = objectDefined in: src/security-archive/src/types.ts:44
A known alert for a given package.
Type declaration
category
category: stringkey
key: stringprops
props: PackageAlertPropsseverity
severity: 'low' | 'middle' | 'high' | 'critical'type
type: stringPackageAlertProps
type PackageAlertProps = objectDefined in: src/security-archive/src/types.ts:35
Package alert extra information.
Type declaration
cveId
cveId: `CVE-${string}`cwes
cwes: object[];lastPublish
lastPublish: stringPackageReportData
type PackageReportData = objectDefined in: src/security-archive/src/types.ts:55
The report data for a given package.
Type declaration
alerts
alerts: PackageAlert[];author
author: string[];id
id: stringlicense
license: stringname
name: stringnamespace?
optional namespace: `@${string}`;size
size: numbertype
type: 'npm'version
version: stringSecurityArchiveOptions
type SecurityArchiveOptions = LRUCache.OptionsBase< DepID, PackageReportData, unknown> & objectDefined in: src/security-archive/src/index.ts:41
Type declaration
fetchMethod?
optional fetchMethod: undefined;Security archive does not supports a fetch-on-demand model.
path?
optional path: string;An optional value for the path in which to store the sqlite db.
retries?
optional retries: number;Number of retries attempts to reach the remote security API.
SecurityArchiveRefreshOptions
type SecurityArchiveRefreshOptions = objectDefined in: src/security-archive/src/types.ts:9
Parameter options for initializing a security archive.
Type declaration
graph
graph: GraphLikeA @link{GraphLike} instance to find what packages the security archive should have.
specOptions
specOptions: SpecOptionsA @link{SpecOptions} instance to use for resolving dependencies.
Variables
targetSecurityRegisty
const targetSecurityRegisty: 'https://registry.npmjs.org/' = 'https://registry.npmjs.org/'Defined in: src/security-archive/src/index.ts:24
version
version: stringDefined in: src/security-archive/src/index.ts:83
Functions
asPackageReportData()
function asPackageReportData(o): PackageReportDataDefined in: src/security-archive/src/types.ts:79
Parameters
o
unknown
Returns
isPackageReportData()
function isPackageReportData(o): o is PackageReportDataDefined in: src/security-archive/src/types.ts:67
Parameters
o
unknown
Returns
o is PackageReportData