From 1767fa82a743cb34e3e542e074b22241bb5a9af2 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga
Date: Fri, 1 Nov 2024 18:26:26 -0300
Subject: [PATCH] chore: remove debug dependency (#25)

Part of: https://github.com/RafaelGSS/is-my-node-vulnerable/issues/19
---
 is-vulnerable.js | 74 +++++++++++++++++++++++++++++++++--------------
 package-lock.json | 34 +---------------------
 package.json | 4 +--
 3 files changed, 54 insertions(+), 58 deletions(-)

diff --git a/is-vulnerable.js b/is-vulnerable.js
index f83c8c5..09cce39 100644
--- a/is-vulnerable.js
+++ b/is-vulnerable.js
@@ -1,14 +1,11 @@
 const { danger, allGood, bold, vulnerableWarning, separator } = require('./ascii')
-const { request, stream, setGlobalDispatcher, Agent } = require('undici')
-const EE = require('events')
+const { request } = require('https')
+const { pipeline } = require('stream')
 const fs = require('fs')
 const path = require('path')
-const debug = require('debug')('is-my-node-vulnerable')
 const satisfies = require('semver/functions/satisfies')
 const nv = require('@pkgjs/nv')
-setGlobalDispatcher(new Agent({ connections: 20 }))
-
 const CORE_RAW_URL = 'https://raw.githubusercontent.com/nodejs/security-wg/main/vuln/core/index.json'
 let lastETagValue
@@ -20,6 +17,12 @@ async function readLocal (file) {
 return require(file)
 }
+function debug (msg) {
+ if (process.env.DEBUG) {
+ console.debug(msg)
+ }
+}
+
 function loadETag () {
 if (fs.existsSync(ETagFile)) {
 debug('Loading local ETag')
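Review bot: The new `debug` helper in is-vulnerable.js writes through `console.debug`, which Node sends to stdout, while the removed `debug` package wrote to stderr by default, so diagnostics now mix with the tool's result output whenever `DEBUG` is set. The check `if (process.env.DEBUG)` is also true for any non-empty string, including `DEBUG=0` or a namespace set for an unrelated tool. Writing with `console.error(msg)` keeps diagnostics off stdout, and a one-line comment on the helper should state which `DEBUG` values enable it.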
@@ -33,28 +36,55 @@ function updateLastETag (etag) {
 }
 async function fetchCoreIndex () {
- const abortRequest = new EE()
- await stream(CORE_RAW_URL, { signal: abortRequest }, ({ statusCode }) => {
- if (statusCode !== 200) {
- console.error('Request to Github failed. Aborting...')
- abortRequest.emit('abort')
- process.nextTick(() => { process.exit(1) })
- }
- return fs.createWriteStream(coreLocalFile, { flags: 'w', autoClose: true })
+ await new Promise((resolve) => {
+ request(CORE_RAW_URL, (res) => {
+ if (res.statusCode !== 200) {
+ console.error('Request to Github failed. Aborting...')
+ process.nextTick(() => { process.exit(1) })
+ }
+
+ const file = fs.createWriteStream(coreLocalFile)
+ pipeline(res, file, (err) => {
+ if (err) {
+ console.error(`Problem with request: ${err.message}`)
+ process.nextTick(() => { process.exit(1) })
+ } else {
+ resolve()
+ }
+ })
+ })
 })
 return readLocal(coreLocalFile)
 }
 async function getCoreIndex () {
- const { headers } = await request(CORE_RAW_URL, { method: 'HEAD' })
- if (!lastETagValue || lastETagValue !== headers.etag || !fs.existsSync(coreLocalFile)) {
- updateLastETag(headers.etag)
- debug('Creating local core.json')
- return fetchCoreIndex()
- } else {
- debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
- return readLocal(coreLocalFile)
- }
+ return new Promise((resolve) => {
+ const req = request(CORE_RAW_URL, { method: 'HEAD' }, (res) => {
+ if (res.statusCode !== 200) {
+ console.error('Request to Github failed. Aborting...')
+ process.nextTick(() => { process.exit(1) })
+ }
+
+ res.on('data', () => {})
+
+ const { etag } = res.headers
+ if (!lastETagValue || lastETagValue !== etag || !fs.existsSync(coreLocalFile)) {
+ updateLastETag(etag)
+ debug('Creating local core.json')
+ resolve(fetchCoreIndex())
+ } else {
+ debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
+ resolve(readLocal(coreLocalFile))
+ }
+ })
+
+ req.on('error', (e) => {
+ console.error(`Problem with request: ${e.message}`)
+ process.nextTick(() => { process.exit(1) })
+ })
+
+ req.end()
+ })
 }
 const checkPlatform = platform => {
diff --git a/package-lock.json b/package-lock.json
index 4e802aa..e2178ef 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,9 +11,7 @@ "dependencies": { "@actions/core": "^1.10.0", "@pkgjs/nv": "^0.2.1", - "debug": "^4.3.4", - "semver": "^7.3.8", - "undici": "^5.15.1" + "semver": "^7.3.8" }, "bin": { "is-my-node-vulnerable": "index.js"
@@ -388,17 +386,6 @@ "semver": "^7.0.0" } }, - "node_modules/busboy": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", - "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", - "dependencies": { - "streamsearch": "^1.1.0" - }, - "engines": { - "node": ">=10.16.0" - } - }, "node_modules/cacheable-lookup": { "version": "5.0.4", "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz",
@@ -2776,14 +2763,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/streamsearch": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", - "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", - "engines": { - "node": ">=10.0.0" - } - }, "node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
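Review bot: In is-vulnerable.js, the GET in `fetchCoreIndex` creates an `https.request` but never calls `end()` on it and registers no `'error'` listener, unlike the HEAD request in `getCoreIndex` in the same hunk; Node only finishes sending a request once `end()` is called, so the download promise may never settle, and a network failure would surface as an unhandled `'error'` event. Both response callbacks also fall through after a non-200 status, because `process.exit(1)` is only scheduled for the next tick: `fs.createWriteStream(coreLocalFile)` can still open and truncate the cached index, and `updateLastETag(etag)` can still be called (possibly with `undefined`) for a body that was never stored. Since the tool's verdict depends on that index, a failed refresh should leave the previous cache and ETag untouched. Return right after the failure branch and end the request with an error handler, as sketched for `fetchCoreIndex`; `getCoreIndex` needs the same `return`.

```javascript
async function fetchCoreIndex () {
  await new Promise((resolve) => {
    const req = request(CORE_RAW_URL, (res) => {
      if (res.statusCode !== 200) {
        console.error('Request to Github failed. Aborting...')
        process.nextTick(() => { process.exit(1) })
        // Stop here so the cached index is not opened for writing.
        return
      }
      // … unchanged: createWriteStream(coreLocalFile) and pipeline(res, file, …) …
    })

    req.on('error', (e) => {
      console.error(`Problem with request: ${e.message}`)
      process.nextTick(() => { process.exit(1) })
    })

    req.end()
  })
  // … unchanged: return readLocal(coreLocalFile) …
```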
@@ -2979,17 +2958,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/undici": { - "version": "5.16.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.16.0.tgz", - "integrity": "sha512-KWBOXNv6VX+oJQhchXieUznEmnJMqgXMbs0xxH2t8q/FUAWSJvOSr/rMaZKnX5RIVq7JDn0JbP4BOnKG2SGXLQ==", - "dependencies": { - "busboy": "^1.6.0" - }, - "engines": { - "node": ">=12.18" - } - }, "node_modules/uri-js": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
diff --git a/package.json b/package.json
index caf1bea..31c5546 100644
--- a/package.json
+++ b/package.json
@@ -30,9 +30,7 @@
 "dependencies": {
 "@actions/core": "^1.10.0",
 "@pkgjs/nv": "^0.2.1",
- "debug": "^4.3.4",
- "semver": "^7.3.8",
- "undici": "^5.15.1"
+ "semver": "^7.3.8"
 },
 "devDependencies": {
 "standard": "^17.0.0",