NodeSecure · fraxken · Jan 4, 2025 · Jan 4, 2025
diff --git a/.eslintrc b/.eslintrc
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v2.6.0
       - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: 16.x
+          node-version: 22.x
       - name: Install dependencies
         run: npm install
       - name: Run ESLint

diff --git a/eslint.config.mjs b/eslint.config.mjs
@@ -0,0 +1,3 @@
+import { typescriptConfig } from "@openally/config.eslint";
+
+export default typescriptConfig();
diff --git a/package.json b/package.json
@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc",
     "prepublishOnly": "npm run build",
-    "lint": "cross-env eslint src/**/*.ts",
+    "lint": "eslint src test",
     "test-only": "glob -c \"tsx --test\" \"./test/**/*.spec.ts\"",
     "unit-test-only": "glob -c \"tsx --test\" \"./test/**/*.unit.spec.ts\"",
     "integration-test-only": "glob -c \"tsx --test\" \"./test/**/*.integration.spec.ts\"",
@@ -46,7 +46,8 @@
   },
   "homepage": "https://github.com/NodeSecure/vulnera#readme",
   "devDependencies": {
-    "@nodesecure/eslint-config": "^1.8.0",
+    "@openally/config.eslint": "^1.1.0",
+    "@openally/config.typescript": "^1.0.3",
     "@slimio/is": "^2.0.0",
     "@types/node": "^22.1.0",
     "c8": "^10.1.2",

diff --git a/src/database/osv.ts b/src/database/osv.ts
@@ -2,7 +2,7 @@
 import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
-import { OSV } from "../formats/osv";
+import type { OSV } from "../formats/osv/index.js";
 import * as utils from "../utils.js";
 
 // CONSTANTS
@@ -17,7 +17,7 @@ export type OSVApiParameter = {
      */
     ecosystem?: string;
   };
-}
+};
 
 export async function findOne(
   parameters: OSVApiParameter
@@ -26,7 +26,7 @@ export async function findOne(
     parameters.package.ecosystem = "npm";
   }
 
-  const { data } = await httpie.post<{ vulns: OSV[] }>(
+  const { data } = await httpie.post<{ vulns: OSV[]; }>(
     new URL("v1/query", ROOT_API),
     {
       body: parameters

diff --git a/src/database/snyk.ts b/src/database/snyk.ts
@@ -3,20 +3,20 @@ import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
 import { SNYK_ORG, SNYK_TOKEN } from "../constants.js";
-import { SnykAuditResponse } from "../formats/snyk/index.js";
+import type { SnykAuditResponse } from "../formats/snyk/index.js";
 
 // CONSTANTS
 export const ROOT_API = "https://snyk.io";
 
 export type SnykFindOneParameters = {
-    files: {
-        target: {
-            contents: string;
-        };
-        additional?: {
-            contents: string;
-        }[];
+  files: {
+    target: {
+      contents: string;
     };
+    additional?: {
+      contents: string;
+    }[];
+  };
 };
 
 export async function findOne(

diff --git a/src/formats/osv/index.ts b/src/formats/osv/index.ts
@@ -51,7 +51,7 @@ export type OSVCreditType = "FINDER" |
 
 export interface OSVAffected {
   package: {
-    ecosystem: "npm",
+    ecosystem: "npm";
     name: string;
     purl: string;
   };

diff --git a/src/formats/snyk/index.ts b/src/formats/snyk/index.ts
@@ -1,89 +1,89 @@
 export interface SnykPatch {
-    id: string;
-    urls: string[];
-    version: string;
-    modificationTime: string;
-    comments: string[];
+  id: string;
+  urls: string[];
+  version: string;
+  modificationTime: string;
+  comments: string[];
 }
 
 export interface SnykVulnerability {
-    /** The issue ID **/
-    id: string;
-    /** A link to the issue details on snyk.io **/
-    url: string;
-    /** The issue title **/
-    title: string;
-    /** The issue type **/
-    type: "vulnerability" | "license";
-    /** The paths to the dependencies which have an issue, and their corresponding upgrade path (if an upgrade is available) **/
-    paths?: Array<{
-        "from": Array<string>,
-        "upgrade": Array<string | boolean>
-    }>;
-    /** The package identifier according to its package manager **/
-    package: string;
-    /** The package version this issue is applicable to. **/
-    version: string;
-    /** The Snyk defined severity level **/
-    severity: "critical" | "high" | "medium" | "low";
-    /** The package's programming language **/
-    language: string;
-    /** The package manager **/
-    packageManager: string;
-    /** One or more semver ranges this issue is applicable to. **/
-    semver: Record<string, string[]>;
-    /** The vulnerability publication time **/
-    publicationTime: string;
-    /** The time this vulnerability was originally disclosed to the package maintainers **/
-    disclosureTime: string;
-    /** Is this vulnerability fixable by upgrading a dependency? **/
-    isUpgradable: boolean;
-    /** The detailed description of the vulnerability, why and how it is exploitable. **/
-    description: string;
-    /** Is this vulnerability fixable by using a Snyk supplied patch? **/
-    isPatchable: boolean;
-    /** Is this vulnerability fixable by pinning a transitive dependency **/
-    isPinnable: boolean;
-    /** Additional vulnerability identifiers **/
-    identifiers: Record<string, string[]>;
-    /** The reporter of the vulnerability **/
-    credit: string;
-    /**
+  /** The issue ID **/
+  id: string;
+  /** A link to the issue details on snyk.io **/
+  url: string;
+  /** The issue title **/
+  title: string;
+  /** The issue type **/
+  type: "vulnerability" | "license";
+  /** The paths to the dependencies which have an issue, and their corresponding upgrade path (if an upgrade is available) **/
+  paths?: Array<{
+    from: Array<string>;
+    upgrade: Array<string | boolean>;
+  }>;
+  /** The package identifier according to its package manager **/
+  package: string;
+  /** The package version this issue is applicable to. **/
+  version: string;
+  /** The Snyk defined severity level **/
+  severity: "critical" | "high" | "medium" | "low";
+  /** The package's programming language **/
+  language: string;
+  /** The package manager **/
+  packageManager: string;
+  /** One or more semver ranges this issue is applicable to. **/
+  semver: Record<string, string[]>;
+  /** The vulnerability publication time **/
+  publicationTime: string;
+  /** The time this vulnerability was originally disclosed to the package maintainers **/
+  disclosureTime: string;
+  /** Is this vulnerability fixable by upgrading a dependency? **/
+  isUpgradable: boolean;
+  /** The detailed description of the vulnerability, why and how it is exploitable. **/
+  description: string;
+  /** Is this vulnerability fixable by using a Snyk supplied patch? **/
+  isPatchable: boolean;
+  /** Is this vulnerability fixable by pinning a transitive dependency **/
+  isPinnable: boolean;
+  /** Additional vulnerability identifiers **/
+  identifiers: Record<string, string[]>;
+  /** The reporter of the vulnerability **/
+  credit: string;
+  /**
      * Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics
      * of a vulnerability, and produce a numerical score reflecting its severity,
      * as well as a textual representation of that score.
      * **/
-    CVSSv3: string;
-    /** CVSS Score **/
-    cvssScore: number;
-    /** Patches to fix this issue, by snyk **/
-    patches: SnykPatch[];
-    /** The path to upgrade this issue, if applicable **/
-    upgradePath: string[];
-    /** Is this vulnerability patched? **/
-    isPatched: boolean;
-    /** The snyk exploit maturity level **/
-    exploitMaturity: string;
-    functions: any;
+  CVSSv3: string;
+  /** CVSS Score **/
+  cvssScore: number;
+  /** Patches to fix this issue, by snyk **/
+  patches: SnykPatch[];
+  /** The path to upgrade this issue, if applicable **/
+  upgradePath: string[];
+  /** Is this vulnerability patched? **/
+  isPatched: boolean;
+  /** The snyk exploit maturity level **/
+  exploitMaturity: string;
+  functions: any;
 }
 
 export interface SnykAuditResponse {
-    /** Does this package have one or more issues? **/
-    ok: boolean;
-    /** The issues found. **/
-    issues: {
-        vulnerabilities: SnykVulnerability[];
-        licenses: SnykVulnerability[];
-    };
-    /** The number of dependencies the package has. **/
-    dependencyCount: number;
-    /** The organization this test was carried out for. **/
-    org: {
-        id: string;
-        name: string;
-    };
-    /** The organization's licenses policy used for this test **/
-    licensesPolicy: null | object;
-    /** The package manager for this package **/
-    packageManager: string;
+  /** Does this package have one or more issues? **/
+  ok: boolean;
+  /** The issues found. **/
+  issues: {
+    vulnerabilities: SnykVulnerability[];
+    licenses: SnykVulnerability[];
+  };
+  /** The number of dependencies the package has. **/
+  dependencyCount: number;
+  /** The organization this test was carried out for. **/
+  org: {
+    id: string;
+    name: string;
+  };
+  /** The organization's licenses policy used for this test **/
+  licensesPolicy: null | object;
+  /** The package manager for this package **/
+  packageManager: string;
 }
diff --git a/src/formats/standard/index.ts b/src/formats/standard/index.ts
@@ -1,6 +1,6 @@
 // Import Internal Dependencies
 import { VULN_MAPPERS } from "./mappers.js";
-import { Kind } from "../../constants.js";
+import type { Kind } from "../../constants.js";
 
 export type Severity = "info" | "low" | "medium" | "high" | "critical";
 
@@ -76,4 +76,3 @@ export function standardizeVulnsPayload(useStandardFormat = false) {
   };
 }
 
-
diff --git a/src/index.ts b/src/index.ts
@@ -8,8 +8,7 @@ import {
 
 import {
   SnykStrategy,
-  type SnykStrategyDefinition,
-  type SnykVulnerability
+  type SnykStrategyDefinition
 } from "./strategies/snyk.js";
 
 import {
@@ -28,6 +27,9 @@ import {
   type Kind
 } from "./constants.js";
 
+import type {
+  SnykVulnerability
+} from "./formats/snyk/index.js";
 import type {
   StandardVulnerability, Severity, StandardPatch
 } from "./formats/standard/index.js";
@@ -49,10 +51,10 @@ import type {
 export * as Database from "./database/index.js";
 
 export type AllStrategy = {
-  "none": NoneStrategyDefinition;
+  none: NoneStrategyDefinition;
   "github-advisory": GithubAdvisoryStrategyDefinition;
-  "snyk": SnykStrategyDefinition;
-  "sonatype": SonatypeStrategyDefinition;
+  snyk: SnykStrategyDefinition;
+  sonatype: SonatypeStrategyDefinition;
 };
 export type AnyStrategy = AllStrategy[keyof AllStrategy];
 
@@ -98,7 +100,7 @@ export function getStrategy(): AnyStrategy {
 export const strategies = VULN_MODE;
 export const defaultStrategyName = VULN_MODE.NONE;
 
-export {
+export type {
   Kind,
   BaseStrategyOptions,
   BaseStrategy,

diff --git a/src/strategies/github-advisory.ts b/src/strategies/github-advisory.ts
@@ -1,16 +1,17 @@
+/* eslint-disable no-empty */
 // Import Node.js Dependencies
 import fs from "node:fs/promises";
 import path from "node:path";
 
 // Import Third-party Dependencies
 import Arborist from "@npmcli/arborist";
-import { audit, AuditAdvisory } from "@pnpm/audit";
+import { audit, type AuditAdvisory } from "@pnpm/audit";
 import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
 import { readWantedLockfile } from "@pnpm/lockfile-file";
 
 // Import Internal Dependencies
 import { VULN_MODE, NPM_TOKEN } from "../constants.js";
-import { StandardVulnerability, standardizeVulnsPayload } from "../formats/standard/index.js";
+import { type StandardVulnerability, standardizeVulnsPayload } from "../formats/standard/index.js";
 import type { Dependencies } from "./types/scanner.js";
 import type {
   BaseStrategyOptions,
@@ -44,7 +45,7 @@ export type NpmAuditAdvisory = {
   range: string;
   /** The set of versions that are vulnerable **/
   vulnerableVersions?: string[];
-}
+};
 
 export type PnpmAuditAdvisory = Exclude<AuditAdvisory, "cwe"> & {
   github_advisory_id: string;
@@ -53,11 +54,11 @@ export type PnpmAuditAdvisory = Exclude<AuditAdvisory, "cwe"> & {
   cvss: {
     score: number;
     vectorString: string;
-  }
+  };
 };
 export type GithubVulnerability = PnpmAuditAdvisory | NpmAuditAdvisory;
 
-export type GithubAdvisoryStrategyDefinition = ExtendedStrategy<"github-advisory", GithubVulnerability>
+export type GithubAdvisoryStrategyDefinition = ExtendedStrategy<"github-advisory", GithubVulnerability>;
 
 export function GitHubAdvisoryStrategy(): GithubAdvisoryStrategyDefinition {
   return {
@@ -140,7 +141,7 @@ async function npmAudit(
   registry: string
 ): Promise<NpmAuditAdvisory[]> {
   const arborist = new Arborist({ ...NPM_TOKEN, registry, path });
-  const { vulnerabilities } = (await arborist.audit()).toJSON() as { vulnerabilities: any[] };
+  const { vulnerabilities } = (await arborist.audit()).toJSON() as { vulnerabilities: any[]; };
 
   // TODO: remove Symbols?
   return Object.values(vulnerabilities)

diff --git a/src/strategies/none.ts b/src/strategies/none.ts
@@ -11,7 +11,6 @@ export function NoneStrategy(): NoneStrategyDefinition {
   };
 }
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
 async function hydratePayloadDependencies(dependencies: any) {
   // Do nothing
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		import { typescriptConfig } from "@openally/config.eslint";

		export default typescriptConfig();