feat: start implementing useFormat including OSV

README.md

@@ -45,7 +45,7 @@ const definition = await vulnera.getStrategy();
 console.log(definition.strategy);
 
 const vulnerabilities = await definition.getVulnerabilities(process.cwd(), {
-  useStandardFormat: true
+  useFormat: "Standard"
 });
 console.log(vulnerabilities);
 ```
@@ -105,11 +105,13 @@ export interface ExtendedStrategy<
   ) => Promise<(VulnFormat | StandardVulnerability)[]>;
 }
 
+export type BaseStrategyFormat = "Preserve" | "Standard" | "OSV";
+
 export interface BaseStrategyOptions {
   /**
-   * @default false
+   * @default "Preserve"
    */
-  useStandardFormat?: boolean;
+  useFormat?: BaseStrategyFormat;
 }
 
 export interface HydratePayloadDepsOptions extends BaseStrategyOptions {
@@ -127,7 +129,7 @@ Where `dependencies` is the dependencies **Map()** object of the NodeSecure Scan
 > the option **hydrateDatabase** is only useful for some of the strategy (like Node.js Security WG).
 
 ### Standard vulnerability format
-We provide an high level format that work for all available strategy. It can be activated with the option `useStandardFormat`.
+We provide an high level format that work for all available strategy. It can be activated with the option `useFormat`.
 
 ```ts
 export interface StandardVulnerability {

docs/github_advisory.md

@@ -41,17 +41,17 @@ For audit a specific manifest (package.json, lock-file or nodes_modules), there
 
 ```js
 async function getVulnerabilities(path, options = {}) {
-  const { useStandardFormat } = options;
+  const { useFormat } = options;
 
-  const formatVulnerabilities = standardizeVulnsPayload(useStandardFormat);
+  const formatVulnerabilities = formatVulnsPayload(useFormat);
   const registry = getLocalRegistryURL();
   const isPnpm = await hasPnpmLockFile(path);
 
   const vulnerabilities = isPnpm ?
     await pnpmAudit(path, registry) :
     await npmAudit(path, registry);
 
-  if (useStandardFormat) {
+  if (useFormat) {
     return formatVulnerabilities(
       isPnpm ? VULN_MODE.GITHUB_ADVISORY + "_pnpm" : VULN_MODE.GITHUB_ADVISORY,
       vulnerabilities
@@ -69,7 +69,7 @@ import * as vulnera from "@nodesecure/vulnera";
 const definition = await vulnera.setStrategy(vulnera.strategies.GITHUB_ADVISORY);
 const vulnerabilites = await definition.getVulnerabilities(
   './package.json',
-  { useStandardFormat: true }
+  { useFormat: "Standard" }
 );
 ```
 

src/formats/index.ts

@@ -0,0 +1,27 @@
+// Import Internal Dependencies
+import { BaseStrategyFormat } from "../strategies/types/api.js";
+
+import {
+  standardVulnerabilityMapper,
+  StandardizeKind
+} from "./standard/index.js";
+
+export function formatVulnsPayload(format: BaseStrategyFormat = "Preserve") {
+  return function formatVulnerabilities(
+    strategy: StandardizeKind,
+    vulnerabilities: any[]
+  ) {
+    if (format === "Standard") {
+      return standardVulnerabilityMapper(
+        strategy,
+        vulnerabilities
+      );
+    }
+    if (format === "OSV") {
+      throw new Error("Not Implemented Yet");
+    }
+
+    // identity function
+    return vulnerabilities;
+  };
+}

src/formats/standard/index.ts

@@ -1,5 +1,5 @@
 // Import Internal Dependencies
-import { VULN_MAPPERS } from "./mappers.js";
+import { STANDARD_VULN_MAPPERS } from "./mappers.js";
 import { Kind } from "../../constants.js";
 
 export type Severity = "info" | "low" | "medium" | "high" | "critical";
@@ -47,33 +47,15 @@ export interface StandardVulnerability {
   patches?: StandardPatch[];
 }
 
-export type StandardizeKind = keyof typeof VULN_MAPPERS;
+export type StandardizeKind = keyof typeof STANDARD_VULN_MAPPERS;
 
-function useStrategyVulnerabilityMapper(
+export function standardVulnerabilityMapper(
   strategy: StandardizeKind,
   vulnerabilities: any[]
 ): StandardVulnerability[] {
-  if (!(strategy in VULN_MAPPERS)) {
+  if (!(strategy in STANDARD_VULN_MAPPERS)) {
     return [];
   }
 
-  return vulnerabilities.map(VULN_MAPPERS[strategy]);
+  return vulnerabilities.map(STANDARD_VULN_MAPPERS[strategy]);
 }
-
-export function standardizeVulnsPayload(useStandardFormat = false) {
-  return function formatVulnerabilities(
-    strategy: StandardizeKind,
-    vulnerabilities: any[]
-  ) {
-    if (useStandardFormat) {
-      return useStrategyVulnerabilityMapper(
-        strategy, vulnerabilities
-      );
-    }
-
-    // identity function
-    return vulnerabilities;
-  };
-}
-
-

src/formats/standard/mappers.ts

@@ -91,7 +91,7 @@ function mapFromSonatype(vuln: SonatypeVulnerability): StandardVulnerability {
   };
 }
 
-export const VULN_MAPPERS = Object.freeze({
+export const STANDARD_VULN_MAPPERS = Object.freeze({
   [VULN_MODE.GITHUB_ADVISORY]: mapFromNPM,
   "github-advisory_pnpm": mapFromPnpm,
   [VULN_MODE.SNYK]: mapFromSnyk,

src/index.ts

@@ -43,6 +43,7 @@ import type {
   BaseStrategy,
   ExtendedStrategy,
   BaseStrategyOptions,
+  BaseStrategyFormat,
   HydratePayloadDepsOptions
 } from "./strategies/types/api.js";
 
@@ -101,6 +102,7 @@ export const defaultStrategyName = VULN_MODE.NONE;
 export {
   Kind,
   BaseStrategyOptions,
+  BaseStrategyFormat,
   BaseStrategy,
   ExtendedStrategy,
   HydratePayloadDepsOptions,

src/strategies/github-advisory.ts

@@ -10,7 +10,8 @@ import { readWantedLockfile } from "@pnpm/lockfile-file";
 
 // Import Internal Dependencies
 import { VULN_MODE, NPM_TOKEN } from "../constants.js";
-import { StandardVulnerability, standardizeVulnsPayload } from "../formats/standard/index.js";
+import { StandardVulnerability } from "../formats/standard/index.js";
+import { formatVulnsPayload } from "../formats/index.js";
 import type { Dependencies } from "./types/scanner.js";
 import type {
   BaseStrategyOptions,
@@ -71,9 +72,9 @@ async function getVulnerabilities(
   lockDirOrManifestPath: string,
   options: BaseStrategyOptions = {}
 ): Promise<(GithubVulnerability | StandardVulnerability)[]> {
-  const { useStandardFormat } = options;
+  const { useFormat } = options;
 
-  const formatVulnerabilities = standardizeVulnsPayload(useStandardFormat);
+  const formatVulnerabilities = formatVulnsPayload(useFormat);
   const registry = getLocalRegistryURL();
 
   const lockfileDir = path.extname(lockDirOrManifestPath) === "" ?
@@ -88,7 +89,7 @@ async function getVulnerabilities(
     await pnpmAudit(lockfileDir, registry) :
     await npmAudit(lockDirOrManifestPath, registry);
 
-  if (useStandardFormat) {
+  if (useFormat) {
     return formatVulnerabilities(
       isPnpm ? "github-advisory_pnpm" : VULN_MODE.GITHUB_ADVISORY,
       vulnerabilities
@@ -102,12 +103,12 @@ async function hydratePayloadDependencies(
   dependencies: Dependencies,
   options: HydratePayloadDepsOptions
 ): Promise<void> {
-  const { path, useStandardFormat } = options;
+  const { path, useFormat } = options;
   if (!path) {
     throw new Error("path argument is required for <github-advisory> strategy");
   }
 
-  const formatVulnerabilities = standardizeVulnsPayload(useStandardFormat);
+  const formatVulnerabilities = formatVulnsPayload(useFormat);
   const registry = getLocalRegistryURL();
 
   try {

src/strategies/snyk.ts

@@ -7,7 +7,7 @@ import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
 import { VULN_MODE, SNYK_ORG, SNYK_TOKEN } from "../constants.js";
-import { standardizeVulnsPayload } from "../formats/standard/index.js";
+import { formatVulnsPayload } from "../formats/index.js";
 import type { Dependencies } from "./types/scanner.js";
 import type {
   HydratePayloadDepsOptions,
@@ -180,8 +180,8 @@ function extractSnykVulnerabilities(
   options: HydratePayloadDepsOptions
 ) {
   const { ok, issues } = snykAudit;
-  const { useStandardFormat } = options;
-  const formatVulnerabilities = standardizeVulnsPayload(useStandardFormat);
+  const { useFormat } = options;
+  const formatVulnerabilities = formatVulnsPayload(useFormat);
 
   if (!ok) {
     const vulnerabilities = formatVulnerabilities(VULN_MODE.SNYK, issues.vulnerabilities);

src/strategies/sonatype.ts

@@ -4,7 +4,7 @@ import * as httpie from "@myunisoft/httpie";
 // Import Internal Dependencies
 import * as utils from "../utils.js";
 import { VULN_MODE } from "../constants.js";
-import { standardizeVulnsPayload } from "../formats/standard/index.js";
+import { formatVulnsPayload } from "../formats/index.js";
 import type { Dependencies, ScannerVersionDescriptor } from "./types/scanner.js";
 import type {
   BaseStrategyOptions,
@@ -135,8 +135,8 @@ async function hydratePayloadDependencies(
     Array.from(dependencies).flatMap(createPackageURLCoordinates)
   );
 
-  const formatVulnerabilities = standardizeVulnsPayload(
-    options.useStandardFormat
+  const formatVulnerabilities = formatVulnsPayload(
+    options.useFormat
   );
   for (const sonatypeResponse of packageURLsData) {
     const packageName = extractNameFromPackageURL(sonatypeResponse.coordinates);

src/strategies/types/api.ts

@@ -3,11 +3,13 @@ import type { Dependencies } from "./scanner.js";
 import type { StandardVulnerability } from "../../formats/standard/index.js";
 import type { Kind } from "../../constants.js";
 
+export type BaseStrategyFormat = "Preserve" | "Standard" | "OSV";
+
 export interface BaseStrategyOptions {
   /**
-   * @default false
+   * @default "Preserve"
    */
-  useStandardFormat?: boolean;
+  useFormat?: BaseStrategyFormat;
 }
 
 export interface HydratePayloadDepsOptions extends BaseStrategyOptions {

test/strategies/github_advisory_npm/index.integration.spec.ts

@@ -52,7 +52,7 @@ test("GitHubAdvisoryStrategy (npm): hydratePayloadDependencies using NodeSecure
 
   await hydratePayloadDependencies(dependencies, {
     path: path.join(kFixturesDir, "audit"),
-    useStandardFormat: true
+    useFormat: "Standard"
   });
 
   assert.strictEqual(dependencies.size, 1, "hydratePayloadDependencies must not add new dependencies by itself");
@@ -75,7 +75,7 @@ test("GitHubAdvisoryStrategy (npm): getVulnerabilities in the standard NodeSecur
   const { getVulnerabilities } = GitHubAdvisoryStrategy();
   const vulnerabilities = await getVulnerabilities(
     path.join(kFixturesDir, "audit"),
-    { useStandardFormat: true }
+    { useFormat: "Standard" }
   );
 
   assert.equal(vulnerabilities.length > 0, true);

test/strategies/github_advisory_pnpm/index.integration.spec.ts

@@ -46,7 +46,7 @@ test("GitHubAdvisoryStrategy (pnpm): hydratePayloadDependencies using NodeSecure
 
   await hydratePayloadDependencies(dependencies, {
     path: path.join(kFixturesDir, "audit_pnpm"),
-    useStandardFormat: true
+    useFormat: "Standard"
   });
 
   assert.strictEqual(dependencies.size, 1, "hydratePayloadDependencies must not add new dependencies by itself");
@@ -71,7 +71,7 @@ test("GitHubAdvisoryStrategy (pnpm): getVulnerabilities in the standard NodeSecu
   const { getVulnerabilities } = GitHubAdvisoryStrategy();
   const vulnerabilities = await getVulnerabilities(
     path.join(kFixturesDir, "audit_pnpm"),
-    { useStandardFormat: true }
+    { useFormat: "Standard" }
   );
 
   assert.equal(vulnerabilities.length > 0, true);
@@ -82,7 +82,7 @@ test("GitHubAdvisoryStrategy (pnpm): getVulnerabilities should work even if we p
   const { getVulnerabilities } = GitHubAdvisoryStrategy();
   const vulnerabilities = await getVulnerabilities(
     path.join(kFixturesDir, "audit_pnpm", "package.json"),
-    { useStandardFormat: true }
+    { useFormat: "Standard" }
   );
 
   assert.equal(vulnerabilities.length > 0, true);

test/strategies/snyk/index.integration.spec.ts

@@ -21,7 +21,7 @@
 
 //   await hydratePayloadDependencies(dependencies, {
 //     path: path.join(kFixturesDir, "snyk"),
-//     useStandardFormat: true
+//     useFormat: "Standard"
 //   });
 
 //   assert.strictEqual(

test/strategies/snyk/index.unit.spec.ts

@@ -114,7 +114,7 @@ test("snyk strategy: hydratePayloadDependencies using NodeSecure standard format
 
   await hydratePayloadDependencies(dependencies, {
     path: path.join(kFixturesDir, "snyk"),
-    useStandardFormat: true
+    useFormat: "Standard"
   });
 
   assert.strictEqual(

test/strategies/sonatype/index.integration.spec.ts

@@ -27,7 +27,7 @@ test("sonatype strategy: fetching a package with a vulnerability using the API",
   });
 
   await hydratePayloadDependencies(dependencies, {
-    useStandardFormat: true
+    useFormat: "Standard"
   });
 
   assert.strictEqual(
@@ -70,7 +70,7 @@ test("sonatype strategy: fetching a package with a name that should be percent-e
     }
   );
 
-  await hydratePayloadDependencies(dependencies, { useStandardFormat: true });
+  await hydratePayloadDependencies(dependencies, { useFormat: "Standard" });
 
   assert.strictEqual(
     dependencies.size,

test/strategies/sonatype/index.unit.spec.ts

@@ -104,7 +104,7 @@ test("sonatype strategy: hydratePayloadDependencies when using NodeSecure standa
     }
   });
 
-  await hydratePayloadDependencies(dependencies, { useStandardFormat: true });
+  await hydratePayloadDependencies(dependencies, { useFormat: "Standard" });
 
   assert.strictEqual(
     dependencies.size,

test/strategies/vuln_payload/standardize.unit.spec.ts

@@ -4,14 +4,14 @@ import assert from "node:assert";
 
 // Import Internal Dependencies
 import { VULN_MODE } from "../../../src/constants.js";
-import { standardizeVulnsPayload } from "../../../src/formats/standard/index.js";
+import { formatVulnsPayload } from "../../../src/formats/index.js";
 import {
   NPM_VULNS_PAYLOADS,
   SNYK_VULNS_PAYLOADS,
   SONATYPE_VULNS_PAYLOADS
 } from "../../fixtures/vuln_payload/payloads.js";
 
-const formatVulnerabilities = standardizeVulnsPayload(true);
+const formatVulnerabilities = formatVulnsPayload("Standard");
 
 test("should convert NONE or unknown strategy into blank payload", () => {
   let notStandardized = formatVulnerabilities(VULN_MODE.NONE as any, [{}, {}]);