chore: update @nodesecure/scanner to v7.x (#583)

fraxken · web-flow · commit b65300f78658 · 2025-10-24T13:52:14.000+02:00
diff --git a/package.json b/package.json
@@ -94,11 +94,11 @@
     "@nodesecure/i18n": "^4.0.2",
     "@nodesecure/js-x-ray": "^9.2.0",
     "@nodesecure/licenses-conformance": "^2.1.0",
-    "@nodesecure/npm-registry-sdk": "^3.0.0",
+    "@nodesecure/npm-registry-sdk": "^4.4.0",
     "@nodesecure/ossf-scorecard-sdk": "^3.2.1",
     "@nodesecure/rc": "^5.0.0",
     "@nodesecure/report": "^3.0.0",
-    "@nodesecure/scanner": "^6.12.0",
+    "@nodesecure/scanner": "^7.1.0",
     "@nodesecure/utils": "^2.2.0",
     "@nodesecure/vulnera": "^2.0.1",
     "@openally/result": "^1.3.0",
diff --git a/src/commands/report.js b/src/commands/report.js
@@ -1,6 +1,6 @@
 // Import Third-party Dependencies
 import { report } from "@nodesecure/report";
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 
 // CONSTANTS
 const kSupportedReporters = new Set(["html", "pdf"]);
@@ -62,7 +62,7 @@ export async function main(repository, options) {
     reporters: [...formattedReporters],
     saveOnDisk: true
   };
-  const scannerPayload = await Scanner.from(repository);
+  const scannerPayload = await scanner.from(repository);
 
   const reportPath = await report(
     includesAllDeps ? scannerPayload.dependencies : { [repository]: scannerPayload.dependencies[repository] },
diff --git a/src/commands/scanner.js b/src/commands/scanner.js
@@ -5,11 +5,12 @@ import events from "node:events";
 
 // Import Third-party Dependencies
 import kleur from "kleur";
+import semver from "semver";
 import filenamify from "filenamify";
 import { Spinner } from "@topcli/spinner";
 import ms from "ms";
 import * as i18n from "@nodesecure/i18n";
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 import { appCache } from "@nodesecure/cache";
 
 // Import Internal Dependencies
@@ -67,7 +68,7 @@ export async function cwd(options) {
     contacts
   } = options;
 
-  const payload = await Scanner.cwd(
+  const payload = await scanner.cwd(
     process.cwd(),
     { maxDepth, usePackageLock: !nolock, fullLockMode: full, vulnerabilityStrategy, highlight:
       { contacts: parseContacts(contacts) } },
@@ -80,7 +81,7 @@ export async function cwd(options) {
 export async function from(spec, options) {
   const { depth: maxDepth = Infinity, output, silent, contacts, vulnerabilityStrategy } = options;
 
-  const payload = await Scanner.from(
+  const payload = await scanner.from(
     spec,
     {
       maxDepth,
@@ -121,7 +122,7 @@ function initLogger(spec, verbose = true) {
     }
   };
 
-  const logger = new Scanner.Logger();
+  const logger = new scanner.Logger();
   logger.on("start", (eventName) => {
     if (!(eventName in spinner)) {
       return;
@@ -174,7 +175,12 @@ function initLogger(spec, verbose = true) {
   return logger;
 }
 
-async function logAndWrite(payload, output = "nsecure-result", options = {}) {
+async function logAndWrite(
+  /** @type {import("@nodesecure/scanner").Payload} */
+  payload,
+  output = "nsecure-result",
+  options = {}
+) {
   const { local = false } = options;
 
   if (payload === null) {
@@ -184,10 +190,12 @@ async function logAndWrite(payload, output = "nsecure-result", options = {}) {
   }
 
   if (payload.warnings.length > 0) {
-    console.log(`\n ${kleur.yellow().underline().bold("Global Warning:")}\n`);
-    for (const warning of payload.warnings) {
-      console.log(kleur.red().bold(warning));
-    }
+    console.log(`\n ${kleur.yellow().bold("Global Warning:")}\n`);
+    const logFn = semver.satisfies(payload.scannerVersion, ">=7.0.0") ?
+      logGlobalWarningsV7 :
+      logGlobalWarningsV6;
+    logFn(payload.warnings);
+    console.log("");
   }
 
   const ret = JSON.stringify(payload, null, 2);
@@ -211,3 +219,24 @@ async function logAndWrite(payload, output = "nsecure-result", options = {}) {
 
   return filePath;
 }
+
+function logGlobalWarningsV7(
+  /** @type {import("@nodesecure/scanner").GlobalWarning[]} */
+  warnings
+) {
+  for (const warning of warnings) {
+    const isTypoSquatting = warning.type === "typo-squatting";
+
+    const type = kleur[isTypoSquatting ? "cyan" : "yellow"]().bold(`${warning.type}`);
+    console.log(kleur.gray().bold(`[${type}] ${warning.message}`));
+  }
+}
+
+function logGlobalWarningsV6(
+  /** @type {string[]} */
+  warnings
+) {
+  for (const warning of warnings) {
+    console.log(kleur.yellow().bold(warning));
+  }
+}
diff --git a/workspaces/documentation-ui/package.json b/workspaces/documentation-ui/package.json
@@ -25,7 +25,7 @@
   "author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
   "license": "MIT",
   "dependencies": {
-    "@nodesecure/flags": "^2.4.0",
+    "@nodesecure/flags": "^3.0.3",
     "@nodesecure/js-x-ray": "^9.2.0",
     "highlight.js": "^11.10.0",
     "markdown-it": "^14.1.0"
diff --git a/workspaces/server/src/websocket/commands/search.ts b/workspaces/server/src/websocket/commands/search.ts
@@ -1,5 +1,5 @@
 // Import Third-party Dependencies
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 import type { PayloadsList } from "@nodesecure/cache";
 
 // Import Internal Dependencies
@@ -63,7 +63,7 @@ export async function* search(
   logger.info(`[ws|search](scan ${pkg} in progress)`);
   yield { status: "SCAN" as const, pkg };
 
-  const payload = await Scanner.from(pkg, { maxDepth: 4 });
+  const payload = await scanner.from(pkg, { maxDepth: 4 });
   const name = payload.rootDependencyName;
   const version = Object.keys(payload.dependencies[name].versions)[0];
 
diff --git a/workspaces/vis-network/package.json b/workspaces/vis-network/package.json
@@ -29,7 +29,7 @@
     "vis-network": "^9.1.9"
   },
   "devDependencies": {
-    "@nodesecure/flags": "^2.4.0",
-    "@nodesecure/scanner": "^6.0.2"
+    "@nodesecure/flags": "^3.0.3",
+    "@nodesecure/scanner": "^7.1.0"
   }
-}
+}
diff --git a/workspaces/vis-network/src/dataset.js b/workspaces/vis-network/src/dataset.js
@@ -56,6 +56,7 @@ export default class NodeSecureDataSet extends EventTarget {
   ) {
     console.log("[NodeSecureDataSet] Initialization started...");
     let FLAGS;
+    /** @type {import("@nodesecure/scanner").Payload | null} */
     let data;
     this.reset();
 
@@ -76,7 +77,9 @@ export default class NodeSecureDataSet extends EventTarget {
       return;
     }
 
-    this.warnings = data.warnings;
+    this.warnings = data.warnings.map(
+      (warning) => (typeof warning === "string" ? warning : warning.message)
+    );
 
     this.#highligthedContacts = data.highlighted.contacts
       .reduce((acc, { name, email }) => {
