diff --git a/.changeset/better-trams-relax.md b/.changeset/better-trams-relax.md
new file mode 100644
index 00000000..e4a7f62f
--- /dev/null
+++ b/.changeset/better-trams-relax.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": patch
+---
+
+Comment NPM avatar hydratation because the .user() API in the SDK is deprecated and cannot be used anymore
diff --git a/workspaces/scanner/src/registry/fetchNpmAvatars.ts b/workspaces/scanner/src/registry/fetchNpmAvatars.ts
index edd7f2ec..362e1388 100644
--- a/workspaces/scanner/src/registry/fetchNpmAvatars.ts
+++ b/workspaces/scanner/src/registry/fetchNpmAvatars.ts
@@ -1,5 +1,5 @@
 // Import Third-party Dependencies
-import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
+// import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
 
 // Import Internal Dependencies
 import type {
@@ -20,9 +20,14 @@ export async function fetchNpmAvatars(
 ];
 const avatarCache = new Map();
 
- await Promise.all(
- contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache))
- );
+ /**
+ * @deprecated
+ * NPM website user API is no longer exploitable for avatar
+ * We need to find an alternative way to fetch avatars
+ */
+ // await Promise.all(
+ // contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache))
+ // );
 
 // Backfill missing avatars: some contributors may have failed username lookup
 // but their email might match a cached avatar from a successful contributor
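Review bot: The `/** @deprecated ... */` block added in the `@@ -20,9 +20,14 @@` hunk is a JSDoc comment that no longer precedes any declaration, so it documents nothing and tooling will either drop it or attach it to whatever statement follows. More importantly, with the `Promise.all` call commented out nothing ever writes to `avatarCache`, so the "Backfill missing avatars" pass that follows (the rest of `fetchNpmAvatars` is outside this hunk) walks an always-empty map and `npmAvatar` can never be set; callers that read that field now always get `undefined`, which the changeset text does not spell out. I would replace the JSDoc with a plain comment that states the disabled state, e.g. `// TODO: avatar hydration is disabled — the npm user API used by enrichContributorWithAvatar is deprecated, so avatarCache stays empty until a replacement source exists`, and skip the backfill pass until a replacement exists rather than leaving it to iterate an empty cache.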
@@ -36,44 +41,44 @@ export async function fetchNpmAvatars(
 });
 }
 
-async function enrichContributorWithAvatar(
- contributor: Contributor,
- avatarCache: Map
-): Promise {
- if (trySetAvatarFromCache(contributor, avatarCache)) {
- return;
- }
+// async function enrichContributorWithAvatar(
+// contributor: Contributor,
+// avatarCache: Map
+// ): Promise {
+// if (trySetAvatarFromCache(contributor, avatarCache)) {
+// return;
+// }
 
- try {
- const profile = await npmRegistrySDK.user(
- contributor.name,
- { perPage: 1 }
- );
- contributor.npmAvatar = profile.avatars.small;
+// try {
+// const profile = await npmRegistrySDK.user(
+// contributor.name,
+// { perPage: 1 }
+// );
+// contributor.npmAvatar = profile.avatars.small;
 
- if (contributor.email && contributor.npmAvatar) {
- avatarCache.set(contributor.email, contributor.npmAvatar);
- }
- }
- catch {
- contributor.npmAvatar = undefined;
- }
-}
+// if (contributor.email && contributor.npmAvatar) {
+// avatarCache.set(contributor.email, contributor.npmAvatar);
+// }
+// }
+// catch {
+// contributor.npmAvatar = undefined;
+// }
+// }
 
-function trySetAvatarFromCache(
- contributor: Contributor,
- avatarCache: Map
-): boolean {
- if (!contributor.email) {
- return false;
- }
+// function trySetAvatarFromCache(
+// contributor: Contributor,
+// avatarCache: Map
+// ): boolean {
+// if (!contributor.email) {
+// return false;
+// }
 
- const cachedAvatar = avatarCache.get(contributor.email);
- if (cachedAvatar) {
- contributor.npmAvatar = cachedAvatar;
+// const cachedAvatar = avatarCache.get(contributor.email);
+// if (cachedAvatar) {
+// contributor.npmAvatar = cachedAvatar;
 
- return true;
- }
+// return true;
+// }
 
- return false;
-}
+// return false;
+// }
diff --git a/workspaces/scanner/test/depWalker.spec.ts b/workspaces/scanner/test/depWalker.spec.ts
index 61b33e4f..15dc842e 100644
--- a/workspaces/scanner/test/depWalker.spec.ts
+++ b/workspaces/scanner/test/depWalker.spec.ts
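Review bot: Commenting out `enrichContributorWithAvatar` and `trySetAvatarFromCache` wholesale leaves about thirty-five lines of dead code that neither the compiler nor the linter checks any more, so it will silently drift from the `Contributor` type and from whatever replaces the SDK call. The change is already recorded in git history and in the changeset, so deleting both functions is the cleaner option; the `Contributor` type import may then be unused as well, though the full import list is not visible in this diff. If the intent is to keep them as a template for the replacement implementation, one line saying so is enough, e.g. `// Previous implementation kept for reference: the npm user API it relied on is deprecated.`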
@@ -20,6 +20,9 @@ import {
 type Identifier
 } from "../src/index.ts";
 
+// VARS
+const skip = false;
+
 // CONSTANTS
 const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
 const kFixturePath = path.join(__dirname, "fixtures", "depWalker");
@@ -75,7 +78,7 @@ function cleanupPayload(payload: Payload) {
 }
 }
 
-test("execute depWalker on @slimio/is", async(test) => {
+test("execute depWalker on @slimio/is", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errorCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -93,7 +96,7 @@ test("execute depWalker on @slimio/is", async(test) => {
 assert.strictEqual(errorCount(), 0);
 });
 
-test("execute depWalker on @slimio/config", async(test) => {
+test("execute depWalker on @slimio/config", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errorCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -123,7 +126,7 @@ test("execute depWalker on @slimio/config", async(test) => {
 "@slimio/config"
 ].sort());
 
- const ajvDescriptor = resultAsJSON.ajv.versions["6.12.6"];
+ const ajvDescriptor = resultAsJSON.ajv.versions["6.14.0"];
 const ajvUsedBy = Object.keys(ajvDescriptor.usedBy);
 assert.deepEqual(ajvUsedBy, [
 "@slimio/config"
@@ -131,7 +134,7 @@ test("execute depWalker on @slimio/config", async(test) => {
 assert.strictEqual(errorCount(), 0);
 });
 
-test("execute depWalker on pkg.gitdeps", async(test) => {
+test("execute depWalker on pkg.gitdeps", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors, statsCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
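Review bot: `const skip = false;` makes every `{ skip }` option added in the hunks below a no-op, and nothing in the hunk says why the toggle exists or when it should be flipped. If it is a manual switch for the tests that reach the live npm and gitlab registries, say so next to it, e.g. `// Manual toggle: set to true to skip the tests that resolve packages against the live registries`, or derive it from an environment variable so CI can flip it without a source edit. If this is `node:test`, the option also accepts a string reason, which would make the skip visible in the test output instead of silent. The same `{ skip }` change repeats in the remaining hunks of this file and needs no separate note.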
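Review bot: The expected value in the `@@ -123,7 +126,7 @@` hunk (`"6.12.6"` → `"6.14.0"`) and the ones in the pkg.gitdeps hunks that follow (dropping `"content-type"` and `"statuses"` from the expected tree, `apiCallsCount` 50 → 42, `statsCount()` 48 → 40) are hand-aligned to whatever the live registry currently resolves, so these assertions cannot tell an expected upstream bump from an unexpected new transitive dependency — the event a dependency scanner's own tests should be most sensitive to. Pinning the inputs (a lockfile or recorded registry responses under the existing `fixtures` directory used by `kFixturePath`) would make the numbers stable and meaningful. It is also not obvious from the diff whether the eight-call drop comes from the avatar lookups removed in `fetchNpmAvatars.ts` or from the smaller tree; a one-line comment on the `apiCallsCount` assertion naming the cause would help the next person who has to update it.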
@@ -149,13 +152,11 @@ test("execute depWalker on pkg.gitdeps", async(test) => {
 "@nodesecure/npm-types",
 "@openally/httpie",
 "@openally/result",
- "content-type",
 "lru-cache",
 "nanodelay",
 "nanoevents",
 "nanoid",
 "pkg.gitdeps",
- "statuses",
 "undici",
 "zen-observable"
 ].sort());
@@ -178,13 +179,13 @@ test("execute depWalker on pkg.gitdeps", async(test) => {
 assert.strictEqual(typeof metadata.startedAt, "number");
 assert.strictEqual(typeof metadata.executionTime, "number");
 assert.strictEqual(Array.isArray(metadata.apiCalls), true);
- assert.strictEqual(metadata.apiCallsCount, 50);
+ assert.strictEqual(metadata.apiCallsCount, 42);
 assert.strictEqual(metadata.errorCount, 2);
 assert.strictEqual(metadata.errors.length, 2);
- assert.strictEqual(statsCount(), 48);
+ assert.strictEqual(statsCount(), 40);
 });
 
-test("execute depWalker on typo-squatting (with location)", async(test) => {
+test("execute depWalker on typo-squatting (with location)", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors, statsCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -223,7 +224,7 @@ test("execute depWalker on typo-squatting (with location)", async(test) => {
 assert.strictEqual(statsCount(), 0);
 });
 
-test("execute depWalker on typo-squatting (with no location)", async(test) => {
+test("execute depWalker on typo-squatting (with no location)", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -250,7 +251,7 @@ test("execute depWalker on typo-squatting (with no location)", async(test) => {
 ]);
 });
 
-test("should highlight the given packages", async() => {
+test("should highlight the given packages", { skip }, async() => {
 const { logger } = buildLogger();
 test.after(() => logger.removeAllListeners());
 
@@ -280,7 +281,7 @@ test("should highlight the given packages", async() => {
 );
 });
 
-test("should support multiple formats for packages highlighted", async() => {
+test("should support multiple formats for packages highlighted", { skip }, async() => {
 const { logger } = buildLogger();
 test.after(() => logger.removeAllListeners());
 
@@ -307,7 +308,7 @@ test("should support multiple formats for packages highlighted", async() => {
 );
 });
 
-test("fetch payload of pacote on the npm registry", async() => {
+test("fetch payload of pacote on the npm registry", { skip }, async() => {
 const result = await from(
 "pacote",
 {
@@ -329,7 +330,7 @@ test("fetch payload of pacote on the npm registry", async() => {
 assert.strictEqual(typeof result.rootDependency.integrity, "string");
 });
 
-test("fetch payload of pacote on the gitlab registry", async() => {
+test("fetch payload of pacote on the gitlab registry", { skip }, async() => {
 const result = await from("pacote", {
 registry: "https://gitlab.com/api/v4/packages/npm/",
 maxDepth: 10,
@@ -349,7 +350,7 @@ test("fetch payload of pacote on the gitlab registry", async() => {
 assert.strictEqual(typeof result.rootDependency.integrity, "string");
 });
 
-test("highlight contacts from a remote package", async() => {
+test("highlight contacts from a remote package", { skip }, async() => {
 const spec = "@adonisjs/logger";
 const result = await from(spec, {
 highlight: {