refactor(database)!: Use class for databases and implement ApiCredential (#320)

Author: fraxken

.gitignore

@@ -108,3 +108,4 @@ dist
 .vscode/
 
 temp/
+.claude

docs/database/nvd.md

@@ -4,7 +4,7 @@ NVD stand for <kbd>National Vulnerability Database</kbd>, which is the U.S. gove
 
 ## Implementation Notes
 
-The NVD integration uses the REST API (v2.0) available at [services.nvd.nist.gov](https://services.nvd.nist.gov/rest/json/cves/2.0). 
+The NVD integration uses the REST API (v2.0) available at [services.nvd.nist.gov](https://services.nvd.nist.gov/rest/json/cves/2.0).
 
 ### Search Parameters
 
@@ -30,7 +30,27 @@ export interface NVD {
 
 ## API
 
-### findOne(parameters: NVDApiParameter): Promise< NVD[] >
+### Constructor
+
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.NVD({
+  credential: new vulnera.ApiCredential({
+    type: "querystring",
+    name: "apiKey",
+    value: "your-api-key"
+  })
+});
+```
+
+```ts
+export interface NVDOptions {
+  credential?: ApiCredential;
+}
+```
+
+### `findOne(parameters: NVDApiParameter): Promise<NVD[]>`
 Find the vulnerabilities of a given package using available NVD API parameters.
 
 ```ts
@@ -43,19 +63,20 @@ export type NVDApiParameter = {
 };
 ```
 
-### findOneBySpec(spec: string): Promise< NVD[] >
+### `findOneBySpec(spec: string): Promise<NVD[]>`
 Find the vulnerabilities of a given package using the NPM spec format like `packageName@version`.
 
 ```ts
-import * as vulnera from "@nodesecure/vulnera";
-
-const vulns = await vulnera.Database.nvd.findOneBySpec(
-  "express@4.0.0"
-);
+const vulns = await db.findOneBySpec("express@4.0.0");
 console.log(vulns);
 ```
 
-### findMany< T extends string >(specs: T[]): Promise< Record< T, NVD[] > >
+### `findMany<T extends string>(specs: T[]): Promise<Record<T, NVD[]>>`
 Find the vulnerabilities of many packages using the spec format.
 
-Returns a Record where keys are equals to the provided specs. 
+Returns a Record where keys are equals to the provided specs.
+
+```ts
+const vulns = await db.findMany(["express@4.0.0", "lodash@4.17.0"]);
+console.log(vulns);
+```

docs/database/osv.md

@@ -38,7 +38,21 @@ export interface OSV {
 
 ## API
 
-### findOne(parameters: OSVApiParameter): Promise< OSV[] >
+### Constructor
+
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.OSV();
+```
+
+```ts
+export interface OSVOptions {
+  credential?: ApiCredential;
+}
+```
+
+### `findOne(parameters: OSVApiParameter): Promise<OSV[]>`
 Find the vulnerabilities of a given package using available OSV API parameters.
 
 ```ts
@@ -54,19 +68,20 @@ export type OSVApiParameter = {
 }
 ```
 
-### findOneBySpec(spec: string): Promise< OSV[] >
+### `findOneBySpec(spec: string): Promise<OSV[]>`
 Find the vulnerabilities of a given package using the NPM spec format like `packageName@version`.
 
 ```ts
-import * as vulnera from "@nodesecure/vulnera";
-
-const vulns = await vulnera.Database.osv.findOneBySpec(
-  "01template1"
-);
+const vulns = await db.findOneBySpec("01template1");
 console.log(vulns);
 ```
 
-### findMany< T extends string >(specs: T[]): Promise< Record< T, OSV[] > >
+### `findMany<T extends string>(specs: T[]): Promise<Record<T, OSV[]>>`
 Find the vulnerabilities of many packages using the spec format.
 
 Return a Record where keys are equals to the provided specs.
+
+```ts
+const vulns = await db.findMany(["express@4.0.0", "lodash@4.17.0"]);
+console.log(vulns);
+```

docs/database/snyk.md

@@ -0,0 +1,95 @@
+# Snyk
+
+[Snyk](https://snyk.io/fr) Snyk Limited is a developer-oriented cybersecurity company, specializing in securing custom developed code, open-source dependencies and cloud infrastructure.
+
+## Implementation Notes
+
+The Snyk integration uses the REST API (v1) available at [snyk.io](https://snyk.io/api/v1/test/npm) to perform security audit.
+
+### Authentication
+
+The `Snyk` constructor requires an `org` and a `credential`. These are generated when you create an organization on Snyk.
+
+- `org`: Your Snyk organization ID
+- `credential`: An `ApiCredential` instance using the `token` type (passed as `Authorization: token <token>` header)
+
+### Format
+
+The Snyk interface is exported as root like `SnykAuditResponse`.
+
+```ts
+export interface SnykAuditResponse {
+  /** Does this package have one or more issues? **/
+  ok: boolean;
+  /** The issues found. **/
+  issues: {
+    vulnerabilities: SnykVulnerability[];
+    licenses: SnykVulnerability[];
+  };
+  /** The number of dependencies the package has. **/
+  dependencyCount: number;
+  /** The organization this test was carried out for. **/
+  org: {
+    id: string;
+    name: string;
+  };
+  /** The organization's licenses policy used for this test **/
+  licensesPolicy: null | object;
+  /** The package manager for this package **/
+  packageManager: string;
+}
+```
+
+## API
+
+### Constructor
+
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.Snyk({
+  org: process.env.SNYK_ORG,
+  credential: new vulnera.ApiCredential(process.env.SNYK_TOKEN)
+});
+```
+
+```ts
+export interface SnykOptions {
+  org: string;
+  credential: ApiCredential;
+}
+```
+
+### `findOne(parameters: SnykFindOneParameters): Promise<SnykAuditResponse>`
+
+Find the vulnerabilities of a given package using available SnykFindOneParameters API parameters.
+
+```ts
+export type SnykFindOneParameters = {
+  files: {
+    target: {
+      contents: string;
+    };
+    additional?: {
+      contents: string;
+    }[];
+  };
+};
+```
+
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.Snyk({
+  org: process.env.SNYK_ORG,
+  credential: new vulnera.ApiCredential({
+    type: "token",
+    token: process.env.SNYK_TOKEN
+  })
+});
+const result = await db.findOne({
+  files: {
+    target: { contents: packageJsonBase64 }
+  }
+});
+```

docs/database/sonatype.md

@@ -2,37 +2,84 @@
 
 Sonatype provides software supply chain security and repository management tools to help organizations manage risks in their open source dependencies.
 
-### Implementation Notes
+## Implementation Notes
 
 The Sonatype integration uses the REST API (v3) available at [ossindex.sonatype.org](https://ossindex.sonatype.org/api/v3/component-report).
 
+### Authentication
+
+`Sonatype` supports optional basic auth credentials for higher rate limits. Without credentials, the API is still accessible at reduced rate limits.
+
 ### Format
 
-the Sonatype interface is exported as root like `SonatypeResponse`.
+The Sonatype interface is exported as root like `SonatypeResponse`.
+
+```ts
+export type SonatypeResponse = {
+  coordinates: string;
+  vulnerabilities: SonatypeVulnerability[];
+};
+```
+
+## API
+
+### Constructor
+
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.Sonatype({
+  credential: new vulnera.ApiCredential({
+    type: "basic",
+    username: process.env.SONATYPE_USERNAME,
+    password: process.env.SONATYPE_PASSWORD
+  })
+});
+```
 
 ```ts
-export type SonatypeResponse = { 
-    coordinates: string; vulnerabilities: SonatypeVulnerability[]; 
-    };
+export interface SonatypeOptions {
+  credential?: ApiCredential;
+}
 ```
-### API
 
-### findOne(parameters: SonaTypeFindOneParameters): Promise< SonatypeResponse[] >
+### `findOne(parameters: SonaTypeFindOneParameters): Promise<SonatypeResponse[]>`
+
+Find the vulnerabilities of a given package using available Sonatype API parameters.
 
 ```ts
 export type SonaTypeFindOneParameters = {
   coordinates: string[];
 };
 ```
 
-Find the vulnerabilities of a given package using available Sonatype API parameters.
+```ts
+import * as vulnera from "@nodesecure/vulnera";
 
-### findMany(parameters: SonaTypeFindManyParameters): Promise< SonatypeResponse[] > >
+const db = new vulnera.Database.Sonatype();
+const vulns = await db.findOne({ coordinates: ["pkg:npm/express@4.0.0"] });
+console.log(vulns);
+```
+
+### `findMany(parameters: SonaTypeFindManyParameters): Promise<SonatypeResponse[]>`
+
+Find the vulnerabilities of many packages.
 
 ```ts
 export type SonaTypeFindManyParameters = {
   coordinates: string[][];
 };
 ```
 
-Find the vulnerabilities of many packages.
+```ts
+import * as vulnera from "@nodesecure/vulnera";
+
+const db = new vulnera.Database.Sonatype();
+const vulns = await db.findMany({
+  coordinates: [
+    ["pkg:npm/express@4.0.0"],
+    ["pkg:npm/lodash@4.17.0"]
+  ]
+});
+console.log(vulns);
+```

docs/database/synk.md

@@ -1,7 +1,5 @@
 export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?
   { token: process.env.NODE_SECURE_TOKEN } : {};
-export const SNYK_ORG = process.env.SNYK_ORG;
-export const SNYK_TOKEN = process.env.SNYK_TOKEN;
 
 export const VULN_MODE = Object.freeze({
   GITHUB_ADVISORY: "github-advisory",