chore: version 0.9.0 (#89)

* chore: start impleting new NodeSecure back-end

* refactor: complete revamp of CLI commands

* chore: update NodeSecure dependencies

* refactor(lang): use new i18n.getLanguages method

* chore: setup scanner Logger and old tree walker Spinners

* chore: update @nodesecure/scanner (1.3.0 to 1.4.0)

* chore: update @nodesecure/flags (1.0.0 to 1.1.0)

* test: make it work with ESM

* fix: front-end build

* fix(httpServer): always open link when the server is listening

* fix: Emojis legend menu

* chore: update dependencies

* chore: debug on CLIUI

* ci: remove Node.js v12 and v15

* docs: update README

* refactor(startHTTPServer): add options object & add openLink option

* test: utils.js

* test(commands): add summary test

* refactor(test): use tape instead of jest

* fix: eslint V7+ issue

* chore: update dependencies

* chore: update @nodesecure/scanner (1.5.0 to 2.0.0)

* refactor: use @nodesecure/utils & enhance author management

* chore: update @nodesecure/flags (1.2.0 to 2.0.0)

* chore: update @nodesecure/scanner (2.0.1 to 2.1.0)

* chore: use flags v2 and new scanner flags

* refactor: use @nodesecure/vis-network

* refactor(http): clean code - split controllers / middleware (#90)

* chore(http): use http-server folder

* chore(http): move root route

* test(http): add first test

* chore: add updated package.json

* chore(http): finish root tests

* chore: create context (AsyncLocalStorage)

* feat(http): split data endpoint

* chore(http): port middleware in split file

* chore(http): remove useless spec test

* chore(http): fix naming for root import

* chore(http): add flags

* revert: remove sinon deps

* chore: add missing import comment

* fix: move bundlephobia call in the backend (#92)

* feat: add new routes and handle error

* fix: pass httpie error to polka

* feat: replace request

* fix: delete forgotten console.log

* revert: port context

* fix(bundle): support for org namespace

* chore: update dependencies

* chore(cli): fix few minor issues

Co-authored-by: Tony Gorez <[email protected]>

Author: fraxken

.editorconfig

@@ -1,9 +1,14 @@
+# Editor configuration, see https://editorconfig.org
 root = true
 
 [*]
-indent_size = 4
-indent_style = space
-end_of_line = lf
 charset = utf-8
-trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
 insert_final_newline = true
+trim_trailing_whitespace = true
+end_of_line = lf
+
+[*.md]
+max_line_length = off
+trim_trailing_whitespace = false

.eslintrc

@@ -1,10 +1,7 @@
 {
-    "extends": "@slimio/eslint-config",
-    "rules": {
-        "jsdoc/require-jsdoc": "off",
-        "require-atomic-updates": "off",
-        "arrow-body-style": "off",
-        "new-cap": "off",
-        "no-invalid-this": "off"
+    "extends": "@nodesecure/eslint-config",
+    "parserOptions": {
+        "sourceType": "module",
+        "requireConfigFile": false
     }
 }

.github/workflows/nodejs.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [12.x, 14.x, 15.x]
+        node-version: [14.x, 16.x]
       fail-fast: false
     steps:
       - uses: actions/checkout@v2

FLAGS.md

@@ -11,7 +11,6 @@
     <a href="https://www.npmjs.com/package/nsecure"><img src="https://img.shields.io/github/license/ES-Community/nsecure?style=flat-square" alt="license"></a>
     <a href="https://github.com/ES-Community/nsecure/actions?query=workflow%3A%22Node.js+CI%22"><img src="https://img.shields.io/github/workflow/status/ES-Community/nsecure/Node.js%20CI/master?style=flat-square" alt="github ci workflow"></a>
     <a href="https://codecov.io/github/ES-Community/nsecure"><img src="https://img.shields.io/codecov/c/github/ES-Community/nsecure.svg?style=flat-square" alt="codecov"></a>
-    <a href="https://www.npmjs.com/package/nsecure"><img src="https://img.shields.io/david/ES-Community/nsecure?style=flat-square" alt="dependencies"></a>
     <a href="./SECURITY.md"><img src="https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg?style=flat-square" alt="Responsible Disclosure Policy" /></a>
     <a href="https://www.npmjs.com/package/nsecure"><img src="https://img.shields.io/npm/dw/nsecure?style=flat-square" alt="downloads"></a>
 </p>
@@ -21,15 +20,15 @@
 <img src="https://i.imgur.com/3xnTGBl.png">
 </p>
 
-## About
+## 📢 About
 
 [Node.js](https://nodejs.org/en/) security Command Line Interface. The goal of the project is to a design a CLI/API that will fetch and deeply analyze the dependency tree of a given **npm** package (Or a local project with a **package.json**) and output a **.json file** that will contains all metadata and flags about each packages. All this data will allow to quickly identify different issues across projects and packages (related to security and quality).
 
 The CLI allow to load the JSON into a Webpage with the **open** command. The page will draw a Network of all dependencies with [vis.js](https://visjs.org/) (example in the screenshot above). We also wrote a little Google drive document a while ago that summarizes some of these points:
 
 - [NodeSecure G.Drive Design document](https://docs.google.com/document/d/1853Uwup9mityAYqAOnen1KSqSA6hlBgpKU0u0ygGY4Y/edit?usp=sharing)
 
-## Features
+## 📜 Features
 
 - Run an AST analysis on each .js/.mjs file in the packages tarball and sort out warnings (unsafe-regex, unsafe-import etc) and the complete list of required expr and statements (files, node.js module, etc.).
 - Return complete composition for each packages (extensions, files, tarball size, etc).
@@ -39,11 +38,11 @@ The CLI allow to load the JSON into a Webpage with the **open** command. The pag
 - Add flags to each packages versions to identify well known patterns and potential security threats easily.
 - Analyze npm packages and local Node.js projects.
 
-## Requirements
+## 🚧 Requirements
 
-- [Node.js](https://nodejs.org/en/) version 12.12.0 or higher
+- [Node.js](https://nodejs.org/en/) LTS 16.x or higher
 
-## Getting Started
+## 💃 Getting Started
 
 ```bash
 $ npm install nsecure -g
@@ -66,7 +65,7 @@ $ nsecure auto express
 
 > ⚠️ Setup an [npm token](https://github.com/ES-Community/nsecure#private-packages--registry) to avoid hiting the maximum request limit of the npm registry API.
 
-## Usage example
+## 👀 Usage example
 
 To show the complete list of commands
 ```bash
@@ -136,35 +135,11 @@ $ npm config set "http://your-registry/"
 ```
 
 ## API
-Use nsecure as an API package to fetch and work with the generated JSON. The following example demonstrates how to retrieve the Payload for mocha, cacache and is-wsl packages. It's possible to use the **cwd** method if you want to achieve similar work on a local project.
-
-```js
-const { from } = require("nsecure");
-const { writeFile } = require("fs").promises;
-
-async function main() {
-    const toFetch = ["mocha", "cacache", "is-wsl"];
-    const options = { verbose: false }; // disable verbose to not show the spinners
-
-    const payloads = await Promise.all(
-        toFetch.map((name) => from(name, options))
-    );
-
-    const toWritePromise = [];
-    for (let i = 0; i < toFetch.length; i++) {
-        const data = JSON.stringify(payloads[i], null, 2);
-        toWritePromise.push(writeFile(`${toFetch[i]}.json`, data));
-    }
-    await Promise.allSettled(toWritePromise);
-}
-main().catch(console.error);
-```
-
-The SlimIO [Security project](https://github.com/SlimIO/Security) use nsecure with the API to analyze packages and repositories of a given github organization (or user).
+Our back-end scanner package is available [here](https://github.com/NodeSecure/scanner).
 
 ## Flags legends
 
-Flags and emojis legends are documented [here](./FLAGS.md).
+Flags and emojis legends are documented [here](https://github.com/NodeSecure/flags/blob/main/FLAGS.md).
 
 ## Searchbar filters
 
@@ -220,9 +195,5 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 
 This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
 
-## Roadmap
-
-We have created [a trello](https://trello.com/b/IY6lQ1A1/node-secure) so that we can plan long-term tasks. Do not hesitate to come participate and exchange your ideas!
-
 ## License
 MIT