
fix: correct vulnerability data parsing and severity type (#769)

authored by

Craig Hart and committed by
GitHub
1a81573a 44c6c4cc

+21 -13
+21 -13
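--- a/app/composables/usePackageComparison.ts
+++ b/app/composables/usePackageComparison.ts
@@ -1,4 +1,10 @@
-import type { FacetValue, ComparisonFacet, ComparisonPackage, Packument } from '#shared/types'
+import type {
+FacetValue,
+ComparisonFacet,
+ComparisonPackage,
+Packument,
+VulnerabilityTreeResult,
+} from '#shared/types'
 import { encodePackageName } from '#shared/utils/npm'
 import type { PackageAnalysisResponse } from './usePackageAnalysis'
 import { isBinaryOnlyPackage } from '#shared/utils/binary-detection'
@@ -17,7 +23,7 @@
 analysis?: PackageAnalysisResponse
 vulnerabilities?: {
 count: number
-severity: { critical: number; high: number; medium: number; low: number }
+severity: { critical: number; high: number; moderate: number; low: number }
 }
 metadata?: {
 license?: string
@@ -98,9 +104,9 @@
 `https://api.npmjs.org/downloads/point/last-week/${encodePackageName(name)}`,
 ).catch(() => null),
 $fetch<PackageAnalysisResponse>(`/api/registry/analysis/${name}`).catch(() => null),
-$fetch<{
-vulnerabilities: Array<{ severity: string }>
-}>(`/api/registry/vulnerabilities/${name}`).catch(() => null),
+$fetch<VulnerabilityTreeResult>(`/api/registry/vulnerabilities/${name}`).catch(
+() => null,
+),
 ])
 
 const versionData = pkgData.versions[latestVersion]
@@ -115,12 +121,14 @@
 exports: versionData?.exports,
 })
 
-// Count vulnerabilities by severity
-const vulnCounts = { critical: 0, high: 0, medium: 0, low: 0 }
-const vulnList = vulns?.vulnerabilities ?? []
-for (const v of vulnList) {
-const sev = v.severity.toLowerCase() as keyof typeof vulnCounts
-if (sev in vulnCounts) vulnCounts[sev]++
+// Vulnerabilities
+let vulnsTotal: number = 0
+let vulnsSeverity = { critical: 0, high: 0, moderate: 0, low: 0 }
+
+if (vulns) {
+const { total, ...severity } = vulns.totalCounts
+vulnsTotal = total
+vulnsSeverity = severity
 }
 
 return {
@@ -134,8 +142,8 @@
 installSize: undefined, // Will be filled in second pass
 analysis: analysis ?? undefined,
 vulnerabilities: {
-count: vulnList.length,
-severity: vulnCounts,
+count: vulnsTotal,
+severity: vulnsSeverity,
 },
 metadata: {
 license: pkgData.license,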
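Review bot: In the fourth hunk the `if (vulns)` guard only covers the `.catch(() => null)` outcome; the generic on `$fetch<VulnerabilityTreeResult>` is a compile-time assertion, not a runtime check, so if the endpoint ever answers 2xx with a body lacking `totalCounts`, `const { total, ...severity } = vulns.totalCounts` throws and the whole entry fails, where the previous `?? []` stayed tolerant. A guard such as `if (vulns?.totalCounts) {` preserves the lenient behavior. The rest-spread also makes `vulnsSeverity` whatever remains of `totalCounts` after removing `total`, so any extra field on that type would silently flow into the returned `severity` object; picking the four counts explicitly would keep the result shape pinned, though I cannot see `VulnerabilityTreeResult` here to confirm its fields. As a point of style, `let vulnsTotal: number = 0` is a redundant annotation and can be `let vulnsTotal = 0`. The enclosing function starts and ends outside the hunk.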