NodeSecure / vulnera

Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
MIT License

Make the API work for a given manifest path (or payload). #28

Closed fraxken closed 1 year ago

fraxken commented 2 years ago

Vuln is originally designed to work with NodeSecure/scanner. However, I would like to expand the API to allow any third-party code to use this package.

The hydratePayloadDependencies method is very specialized for the Scanner. One of my ideas is to provide a new method to allow launching an analysis on a given manifest (package.json). We could ask for a path or even a manifest payload.

However, all strategies may not work well with this (Node.js Security WG for example). But we can work step by step to provide support and find solutions for those strategies (no need to rush).

fraxken commented 2 years ago

@mbalabash You might be interested to contribute on this? (I know that last time you were looking for things to contribute.)

mbalabash commented 2 years ago

Hey! @fraxken I like the idea of this issue, but at the moment I don’t have enough free time to jump into this task.

Mathieuka commented 2 years ago

Hello @fraxken !

I am available and interested in the subject, I am willing to take the issue 🙂

fraxken commented 2 years ago

Release v1.7.0 includes the new method (only available for the npm strategy right now). We need to work and analyze how to implement the same for other strategies.

fraxken commented 1 year ago

Closing, as today the API has evolved quite a lot and I think today this is quite ok.