v7.1.0

What's Changed

• chore(deps): bump the github-actions group with 2 updates by @dependabot in #255
• chore(deps-dev): bump eslint from 8.57.0 to 9.0.0 in the development-dependencies group by @dependabot in #257
• Create EntryFilesAnalyzer class to analyze a set of entry files by @jean-michelet in #258
• Handle ImportExpression nodes by @jean-michelet in #261
• chore(deps): bump the github-actions group with 5 updates by @dependabot in #262
• add shady link regex for check url with ips by @sairuss7 in #260
• docs: add sairuss7 as a contributor for code by @allcontributors in #263

EntryFilesAnalyzer

import { EntryFilesAnalyser } from "@nodesecure/js-x-ray";

const efa = new EntryFilesAnalyser();
const entryFiles = ["./path/to/file"];

for await (const fileResult of efa.analyse(entryFiles)) {
  console.log(entryFiles);
}

New Contributors

• @sairuss7 made their first contribution in #260

Full Changelog: v7.0.0...v7.1.0

v7.0.0

What's Changed

• chore(deps): bump is-svg from 4.4.0 to 5.0.0 by @dependabot in #181
• Docs: Fix badges in workspaces by @fabnguess in #184
• fix the example in readme to prevent "location" field displays wrong way when running as script with Node.js. (nested displayed as [Array]) by @zxkmm in #185
• refactor(test): move regress to /issues folder by @fraxken in #186
• refactor: remove ASTDeps class and rename Anaysis to SourceFile by @fraxken in #187
• refactor: use new SourceParser class by @fraxken in #189
• chore(deps): bump string-width from 5.1.2 to 7.0.0 by @dependabot in #182
• refactor(probe): allow array of validateNode functions by @fraxken in #191
• docs: estree-ast-utils typo by @PierreDemailly in #192
• fix(estree-ast-utils): add missing d.ts by @fraxken in #193
• feat(getCallExpressionIdentifier): add resolveCallExpression option by @fraxken in #194
• refactor: new ProbeRunner class by @fraxken in #195
• fix(unsafe-import): warning on unsafe-import using eval/require by @tchapacan in #190
• fix(isRequire): do not resolve CallExpr by @fraxken in #200
• Remove mockedFunction for Node.js test runner mock method by @jean-michelet in #201
• docs: add jean-michelet as a contributor for test by @allcontributors in #202
• chore(deps-dev): bump c8 from 8.0.1 to 9.0.0 by @dependabot in #199
• chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #197
• Bug#170 by @jean-michelet in #206
• feat(probeRunner): assert probes method in proberunner by @tchapacan in #204
• docs: add tchapacan as a contributor for code, and test by @allcontributors in #207
• Report.isOneLineRequire should be true if single line LogicalExpression assignment by @jean-michelet in #205
• refactor: split utils by @mkarkkainen in #209
• docs: add mkarkkainen as a contributor for code by @allcontributors in #210
• replace dead link by the webarchive one by @jean-michelet in #213
• build path.join called in require if args are string literals by @jean-michelet in #212
• chore(deps): bump actions/setup-node from 4.0.0 to 4.0.1 by @dependabot in #198
• chore(deps): bump github/codeql-action from 2.22.8 to 3.22.12 by @dependabot in #196
• Make SourceParser class heritable + create and use JsSourceParser in … by @jean-michelet in #215
• Refactor runASTAnalysis functions to use class AstAnalyser by @jean-michelet in #216
• docs: add jean-michelet as a contributor for code, test, and doc by @allcontributors in #217
• Create ts-source-parser package by @jean-michelet in #218
• docs(suspicious-file): fix typo by @FredGuiou in #219
• docs: add FredGuiou as a contributor for doc by @allcontributors in #222
• Update doc by @jean-michelet in #226
• refactor: consider Function("return this") as safe by @fraxken in #211
• refactor(analysis) : rename 'analysis' variable to 'sourceFile' by @FredGuiou in #232
• chore(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 by @dependabot in #230
• chore(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0 by @dependabot in #229
• chore(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by @dependabot in #228
• docs: add FredGuiou as a contributor for code, and doc by @allcontributors in #234
• Refactor isRequire probe with new class RequireCallExpressionWalker by @jean-michelet in #231
• Use JsSourceParser as default parser for AstAnalyser class by @madina0801 in #227
• docs: add madina0801 as a contributor for code by @allcontributors in #236
• refactor!: implement NodeCounter & Deobfuscator class by @fraxken in #239
• refactor(sec-literal/test): use the Node.js native test runner by @fabnguess in #242
• chore: update copyright by @fabnguess in #240
• chore: using dependabot groups by @fabnguess in #244
• refactor(estree-ast-utils/test): migrate to test_runner by @FredGuiou in #251
• chore(deps): bump the github-actions group with 3 updates by @dependabot in #248
• chore(deps): bump the dependencies group with 1 update by @dependabot in #252
• feat(customProbes): inject custom probes as param for AstAnalyser by @tchapacan in #250
• ci(nodejs): automatically merge dependabot PR by @fraxken in #254

New Contributors

• @zxkmm made their first contribution in #185
• @tchapacan made their first contribution in #190
• @jean-michelet made their first contribution in #201
• @mkarkkainen made their first contribution in #209
• @FredGuiou made their first contribution in #219
• @madina0801 made their first contribution in #227

Full Changelog: v6.3.0...v7.0.0

v6.3.0

What's Changed

• chore(deps): bump step-security/harden-runner from 2.5.1 to 2.6.1 by @dependabot in #162
• docs: use new blockquotes & remove outdated parts by @fraxken in #171
• chore: setup workspaces by @fraxken in #172
• fix(workspaces): git, bugs & homepage URL by @fraxken in #173
• chore(warning): allow null for location & add configurable kind by @fraxken in #176
• fix(ASTDeps): add missing Symbol.iterator in class typedef by @fraxken in #175

Full Changelog: v6.2.1...v6.3.0

v6.2.1

What's Changed

• fix: illegal return statement parsing error by @fraxken in #164
• docs: improve warnings markdown docs by @fraxken in #167
• fix: remove require.resolve console.log by @fraxken in #169

Full Changelog: v6.2.0...v6.2.1

v6.2.0

What's Changed

• chore: update license badge by @fabnguess in #132
• Detect atob by @fraxken in #143
• refactor: migrate to Node.js native test runner by @fraxken in #108
• fix: broken morse detection by @PierreDemailly in #149
• chore: drop support for Node 16 by @fabnguess in #157
• Add a source property to Warnings by @fabnguess in #160

Full Changelog: v6.1.1...v6.2.0

v6.1.1

What's Changed

• docs: add banner and center badges with TML format by @fraxken in #85
• Add dependabot yml configuration by @fabnguess in #86
• chore(deps-dev): bump @slimio/is from 1.5.1 to 2.0.0 by @dependabot in #92
• chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #91
• chore(deps): bump actions/setup-node from 2 to 3 by @dependabot in #90
• chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #89
• chore(deps): bump github/codeql-action from 2.1.27 to 2.1.39 by @dependabot in #88
• chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #87
• chore(StepSecurity): Apply security best practices by @step-security-bot in #94
• chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #96
• chore(deps): bump github/codeql-action from 2.2.1 to 2.2.4 by @dependabot in #99
• ci: disable nsci warnings by @fraxken in #104
• Update dependabot frequency by @fabnguess in #102
• chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #103
• chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #101
• feat: add shady-link warning by @PierreDemailly in #105
• docs: add PierreDemailly as a contributor for code, and test by @allcontributors in #106
• fix(security): add missing workflow top level permissions by @fraxken in #107
• feat: add removeHTMLComments option by @fraxken in #114
• chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #110
• chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #112
• chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #113
• chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #111
• 6.1.0 by @fraxken in #115
• chore(deps-dev): bump @types/node from 18.16.17 to 20.3.0 by @dependabot in #127
• chore(deps): bump step-security/harden-runner from 2.2.1 to 2.4.0 by @dependabot in #126
• chore(deps): bump github/codeql-action from 2.2.9 to 2.3.5 by @dependabot in #125
• chore(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4 by @dependabot in #124
• chore(deps): bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #117
• fix(ci): enable codecov using lcov reporter by @fraxken in #128
• fix: missing parsing_error in warnings list by @halcin in #131
• chore(deps-dev): bump c8 from 7.14.0 to 8.0.0 by @dependabot in #130

New Contributors

• @fabnguess made their first contribution in #86
• @step-security-bot made their first contribution in #94
• @halcin made their first contribution in #131

Full Changelog: v6.0.1...v6.1.1

v6.1.0

What's Changed

• docs: add banner and center badges with TML format by @fraxken in #85
• Add dependabot yml configuration by @fabnguess in #86
• chore(deps-dev): bump @slimio/is from 1.5.1 to 2.0.0 by @dependabot in #92
• chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #91
• chore(deps): bump actions/setup-node from 2 to 3 by @dependabot in #90
• chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #89
• chore(deps): bump github/codeql-action from 2.1.27 to 2.1.39 by @dependabot in #88
• chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #87
• chore(StepSecurity): Apply security best practices by @step-security-bot in #94
• chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #96
• chore(deps): bump github/codeql-action from 2.2.1 to 2.2.4 by @dependabot in #99
• ci: disable nsci warnings by @fraxken in #104
• Update dependabot frequency by @fabnguess in #102
• chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #103
• chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #101
• feat: add shady-link warning by @PierreDemailly in #105
• docs: add PierreDemailly as a contributor for code, and test by @allcontributors in #106
• fix(security): add missing workflow top level permissions by @fraxken in #107
• feat: add removeHTMLComments option by @fraxken in #114
• chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #110
• chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #112
• chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #113
• chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #111

New Contributors

• @fabnguess made their first contribution in #86
• @step-security-bot made their first contribution in #94

Full Changelog: v6.0.1...v6.1.0

v6.0.1

What's Changed

• fix: parsing-error because of unhandled syntax or null values by @fraxken in #84

Full Changelog: v6.0.0...v6.0.1

v6.0.0

What's Changed

• test: add isAssignmentExpression tests by @PierreDemailly in #48
• test: add isFunctionDeclaration tests by @PierreDemailly in #47
• [Snyk] Upgrade meriyah from 4.3.0 to 4.3.1 by @fraxken in #49
• test: add isBinaryExpression probe UT by @fraxken in #50
• test: add isRegexObject UT by @fraxken in #51
• test: add ut for isMemberExpression by @M4gie in #53
• refactor: use estree-ast-utils functions by @fraxken in #54
• [Snyk] Upgrade meriyah from 4.3.1 to 4.3.2 by @fraxken in #55
• test: add UT for isLiteralRegex probe by @fraxken in #56
• docs: add M4gie as a contributor for code by @allcontributors in #58
• refactor: use file urls in tests by @targos in #60
• [Snyk] Upgrade meriyah from 4.3.2 to 4.3.3 by @snyk-bot in #63
• refactor: implement new VariableTracer by @fraxken in #57
• chore(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in #64
• fix(ASTDeps): depName.trim is not a function by @fraxken in #65
• docs: add targos as a contributor for code, and bug by @allcontributors in #66
• refactor: enhance parseScript to always support ESM by @fraxken in #67
• test(probes): implement isImportDeclaration by @fraxken in #68
• feat: adding new probes to improve short identifiers detection by @fraxken in #69
• Enhance security by @fraxken in #70
• test: add UT for isLiteral probe by @fraxken in #71
• test: implement isRequire probe UT and remove old/unused tests by @fraxken in #72
• test: add isArrayExpression probe by @fraxken in #73
• feat: add coverage with c8 by @fraxken in #74
• docs: update title and badges by @fraxken in #75
• test: add isUnaryExpression probe by @fraxken in #76
• test: add isVariableDeclaration probe by @fraxken in #77
• Enhance ut coverage by @fraxken in #78
• fix(dts): add missing .js extension by @fraxken in #79
• refactor: detect function parameters and handle isFunctionExpression by @fraxken in #81
• chore: update @nodesecure/sec-literal (1.1.0 to 1.2.0) by @fraxken in #82
• feat: add suspicious-file warning by @fraxken in #83

New Contributors

• @M4gie made their first contribution in #53
• @targos made their first contribution in #60
• @snyk-bot made their first contribution in #63
• @dependabot made their first contribution in #64

Full Changelog: v5.1.0...v6.0.0

v5.1.0

What's Changed

• test(probes): add ut for isObjectExpression probe (#24) by @PierreDemailly in #39
• docs: add PierreDemailly as a contributor for test by @allcontributors in #40
• Redefined Dependency Interface as required in @nodesecure/scanner by @Aekk0 in #43
• docs: add Aekk0 as a contributor for code by @allcontributors in #45
• fix: remove Node.js WG security disclosure by @fraxken in #46

New Contributors

• @PierreDemailly made their first contribution in #39
• @Aekk0 made their first contribution in #43

Full Changelog: v5.0.1...v5.1.0