
Commit 6075920

fix(scanner): comment NPM avatar hydratation (#669)
1 parent d6f9487 commit 6075920

3 files changed

Lines changed: 65 additions & 54 deletions


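--- a/.changeset/better-trams-relax.md
+++ b/.changeset/better-trams-relax.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": patch
+---
+
+Comment NPM avatar hydratation because the .user() API in the SDK is deprecated and cannot be used anymore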
Lines changed: 44 additions & 39 deletions
@@ -1,5 +1,5 @@
11
// Import Third-party Dependencies
2-
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
2+
// import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
33

44
// Import Internal Dependencies
55
import type {
@@ -20,9 +20,14 @@ export async function fetchNpmAvatars(
2020
];
2121
const avatarCache = new Map<string, string>();
2222

23-
await Promise.all(
24-
contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache))
25-
);
23+
/**
24+
* @deprecated
25+
* NPM website user API is no longer exploitable for avatar
26+
* We need to find an alternative way to fetch avatars
27+
*/
28+
// await Promise.all(
29+
// contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache))
30+
// );
2631

2732
// Backfill missing avatars: some contributors may have failed username lookup
2833
// but their email might match a cached avatar from a successful contributor
@@ -36,44 +41,44 @@ export async function fetchNpmAvatars(
3641
});
3742
}
3843

39-
async function enrichContributorWithAvatar(
40-
contributor: Contributor,
41-
avatarCache: Map<string, string>
42-
): Promise<void> {
43-
if (trySetAvatarFromCache(contributor, avatarCache)) {
44-
return;
45-
}
44+
// async function enrichContributorWithAvatar(
45+
// contributor: Contributor,
46+
// avatarCache: Map<string, string>
47+
// ): Promise<void> {
48+
// if (trySetAvatarFromCache(contributor, avatarCache)) {
49+
// return;
50+
// }
4651

47-
try {
48-
const profile = await npmRegistrySDK.user(
49-
contributor.name,
50-
{ perPage: 1 }
51-
);
52-
contributor.npmAvatar = profile.avatars.small;
52+
// try {
53+
// const profile = await npmRegistrySDK.user(
54+
// contributor.name,
55+
// { perPage: 1 }
56+
// );
57+
// contributor.npmAvatar = profile.avatars.small;
5358

54-
if (contributor.email && contributor.npmAvatar) {
55-
avatarCache.set(contributor.email, contributor.npmAvatar);
56-
}
57-
}
58-
catch {
59-
contributor.npmAvatar = undefined;
60-
}
61-
}
59+
// if (contributor.email && contributor.npmAvatar) {
60+
// avatarCache.set(contributor.email, contributor.npmAvatar);
61+
// }
62+
// }
63+
// catch {
64+
// contributor.npmAvatar = undefined;
65+
// }
66+
// }
6267

63-
function trySetAvatarFromCache(
64-
contributor: Contributor,
65-
avatarCache: Map<string, string>
66-
): boolean {
67-
if (!contributor.email) {
68-
return false;
69-
}
68+
// function trySetAvatarFromCache(
69+
// contributor: Contributor,
70+
// avatarCache: Map<string, string>
71+
// ): boolean {
72+
// if (!contributor.email) {
73+
// return false;
74+
// }
7075

71-
const cachedAvatar = avatarCache.get(contributor.email);
72-
if (cachedAvatar) {
73-
contributor.npmAvatar = cachedAvatar;
76+
// const cachedAvatar = avatarCache.get(contributor.email);
77+
// if (cachedAvatar) {
78+
// contributor.npmAvatar = cachedAvatar;
7479

75-
return true;
76-
}
80+
// return true;
81+
// }
7782

78-
return false;
79-
}
83+
// return false;
84+
// }
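Review bot: With the `await Promise.all(...)` at new lines 28-30 commented out, `avatarCache` (line 21) is never written, so the backfill that follows the "Backfill missing avatars" comment (new lines 32-41) presumably reads an always-empty `Map` and can never set an avatar, leaving `fetchNpmAvatars` doing a pass over contributors that cannot have an effect. Consider a `return;` right after the deprecation comment, or commenting out the cache and the backfill together with the lookup, so a reader does not assume avatars are still being filled. The `@deprecated` tag in the block comment at new lines 23-27 sits inside the function body rather than on a declaration, so editors and doc tooling will not surface it; a plain `// TODO(avatar): npm user API no longer usable — find another source` reads more honestly, and `fetchNpmAvatars` itself could carry the `@deprecated` JSDoc if callers should stop expecting `npmAvatar` to be set. Commenting out the import on new line 2 leaves `@nodesecure/npm-registry-sdk` declared as a dependency this module no longer uses; if nothing else imports it, removing it from the package manifest shrinks the install surface. `fetchNpmAvatars` begins before the first hunk.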

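--- a/workspaces/scanner/test/depWalker.spec.ts
+++ b/workspaces/scanner/test/depWalker.spec.ts
@@ -20,6 +20,9 @@ import {
 type Identifier
 } from "../src/index.ts";
 
+// VARS
+const skip = false;
+
 // CONSTANTS
 const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
 const kFixturePath = path.join(__dirname, "fixtures", "depWalker");
@@ -75,7 +78,7 @@ function cleanupPayload(payload: Payload) {
 }
 }
 
-test("execute depWalker on @slimio/is", async(test) => {
+test("execute depWalker on @slimio/is", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errorCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -93,7 +96,7 @@ test("execute depWalker on @slimio/is", async(test) => {
 assert.strictEqual(errorCount(), 0);
 });
 
-test("execute depWalker on @slimio/config", async(test) => {
+test("execute depWalker on @slimio/config", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errorCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -123,15 +126,15 @@ test("execute depWalker on @slimio/config", async(test) => {
 "@slimio/config"
 ].sort());
 
-const ajvDescriptor = resultAsJSON.ajv.versions["6.12.6"];
+const ajvDescriptor = resultAsJSON.ajv.versions["6.14.0"];
 const ajvUsedBy = Object.keys(ajvDescriptor.usedBy);
 assert.deepEqual(ajvUsedBy, [
 "@slimio/config"
 ]);
 assert.strictEqual(errorCount(), 0);
 });
 
-test("execute depWalker on pkg.gitdeps", async(test) => {
+test("execute depWalker on pkg.gitdeps", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors, statsCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -149,13 +152,11 @@ test("execute depWalker on pkg.gitdeps", async(test) => {
 "@nodesecure/npm-types",
 "@openally/httpie",
 "@openally/result",
-"content-type",
 "lru-cache",
 "nanodelay",
 "nanoevents",
 "nanoid",
 "pkg.gitdeps",
-"statuses",
 "undici",
 "zen-observable"
 ].sort());
@@ -178,13 +179,13 @@ test("execute depWalker on pkg.gitdeps", async(test) => {
 assert.strictEqual(typeof metadata.startedAt, "number");
 assert.strictEqual(typeof metadata.executionTime, "number");
 assert.strictEqual(Array.isArray(metadata.apiCalls), true);
-assert.strictEqual(metadata.apiCallsCount, 50);
+assert.strictEqual(metadata.apiCallsCount, 42);
 assert.strictEqual(metadata.errorCount, 2);
 assert.strictEqual(metadata.errors.length, 2);
-assert.strictEqual(statsCount(), 48);
+assert.strictEqual(statsCount(), 40);
 });
 
-test("execute depWalker on typo-squatting (with location)", async(test) => {
+test("execute depWalker on typo-squatting (with location)", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors, statsCount } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -223,7 +224,7 @@ test("execute depWalker on typo-squatting (with location)", async(test) => {
 assert.strictEqual(statsCount(), 0);
 });
 
-test("execute depWalker on typo-squatting (with no location)", async(test) => {
+test("execute depWalker on typo-squatting (with no location)", { skip }, async(test) => {
 Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY);
 const { logger, errors } = buildLogger();
 test.after(() => logger.removeAllListeners());
@@ -250,7 +251,7 @@ test("execute depWalker on typo-squatting (with no location)", async(test) => {
 ]);
 });
 
-test("should highlight the given packages", async() => {
+test("should highlight the given packages", { skip }, async() => {
 const { logger } = buildLogger();
 test.after(() => logger.removeAllListeners());
 
@@ -280,7 +281,7 @@ test("should highlight the given packages", async() => {
 );
 });
 
-test("should support multiple formats for packages highlighted", async() => {
+test("should support multiple formats for packages highlighted", { skip }, async() => {
 const { logger } = buildLogger();
 test.after(() => logger.removeAllListeners());
 
@@ -307,7 +308,7 @@ test("should support multiple formats for packages highlighted", async() => {
 );
 });
 
-test("fetch payload of pacote on the npm registry", async() => {
+test("fetch payload of pacote on the npm registry", { skip }, async() => {
 const result = await from(
 "pacote",
 {
@@ -329,7 +330,7 @@ test("fetch payload of pacote on the npm registry", async() => {
 assert.strictEqual(typeof result.rootDependency.integrity, "string");
 });
 
-test("fetch payload of pacote on the gitlab registry", async() => {
+test("fetch payload of pacote on the gitlab registry", { skip }, async() => {
 const result = await from("pacote", {
 registry: "https://gitlab.com/api/v4/packages/npm/",
 maxDepth: 10,
@@ -349,7 +350,7 @@ test("fetch payload of pacote on the gitlab registry", async() => {
 assert.strictEqual(typeof result.rootDependency.integrity, "string");
 });
 
-test("highlight contacts from a remote package", async() => {
+test("highlight contacts from a remote package", { skip }, async() => {
 const spec = "@adonisjs/logger";
 const result = await from(spec, {
 highlight: {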
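Review bot: `skip` on new line 24 is a hard-coded `false` that every `test(...)` call now receives as `{ skip }`, so the option never changes anything and a reader has to hunt for the constant to learn that; if the intent is a local switch for the registry-dependent tests, say so in a comment such as `// Set to true to skip the tests below, which hit live npm/gitlab registries`, or derive it from an environment variable so CI can flip it without editing the file. The updated expectations — `versions["6.14.0"]` on new line 129, `apiCallsCount` 42 and `statsCount()` 40 on lines 182 and 185, and the dropped `content-type`/`statuses` entries — are snapshots of what the live registries returned at commit time, presumably shifted by the removed avatar lookups and by upstream dependency changes, and will drift again on the next upstream release. A short comment beside each pinned value recording why it moved would make the next drift easier to diagnose than a bare number.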
