Merge pull request #327 from HoyeongJeon/drop-snyk-support

feat(vulnera): drop Snyk support (#325)

Author: fraxken

README.md

@@ -54,11 +54,10 @@ The default strategy is **NONE** which mean no strategy at all (we execute nothi
 - [GitHub Advisory](./docs/github_advisory.md)
 - [Sonatype OSS Index](./docs/sonatype.md)
 - [OSV](./docs/osv.md)
-- Snyk
 
 Those strategies are described as "string" **type** with the following TypeScript definition:
 ```ts
-type Kind = "github-advisory" | "snyk" | "sonatype" | "osv" | "none";
+type Kind = "github-advisory" | "sonatype" | "osv" | "none";
 ```
 
 To add a strategy or better understand how the code works, please consult [the following guide](./docs/adding_new_strategy.md).
@@ -71,7 +70,6 @@ function getStrategy(): AnyStrategy;
 
 const strategies: Object.freeze({
   GITHUB_ADVISORY: "github-advisory",
-  SNYK: "snyk",
   SONATYPE: "sonatype",
   OSV: "osv",
   NONE: "none"
@@ -133,7 +131,6 @@ Where `dependencies` is the dependencies **Map()** object of the NodeSecure Scan
 ### Databases
 - [OSV](./docs/database/osv.md)
 - [NVD](./docs/database/nvd.md)
-- [Snyk](./docs/database/snyk.md)
 - [Sonatype](./docs/database/sonatype.md)
 
 ## Contributors ✨

docs/adding_new_strategy.md

@@ -71,7 +71,6 @@ You must add a new constant in variable `VULN_MODE`
 ```js
 export const VULN_MODE = Object.freeze({
   GITHUB_ADVISORY: "github-advisory",
-  SNYK: "snyk",
   SONATYPE: "sonatype",
   NONE: "none",
   MY_NEW_STRATEGY: "foobar" // <-- here

docs/database/snyk.md

@@ -6,7 +6,7 @@ We provide a high-level format that works for all available strategies. It can b
 export interface StandardVulnerability {
   /** Unique identifier for the vulnerability **/
   id?: string;
-  /** Vulnerability origin, either Snyk, Sonatype, GitHub or NodeSWG **/
+  /** Vulnerability origin, either Sonatype, GitHub or OSV **/
   origin: Origin;
   /** Package associated with the vulnerability **/
   package: string;

docs/formats/standard.md

@@ -3,7 +3,6 @@ export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?
 
 export const VULN_MODE = Object.freeze({
   GITHUB_ADVISORY: "github-advisory",
-  SNYK: "snyk",
   SONATYPE: "sonatype",
   OSV: "osv",
   NONE: "none"

src/constants.ts

@@ -18,12 +18,6 @@ export type {
   OSVQueryBatchResponse
 } from "./osv.ts";
 
-export { Snyk } from "./snyk.ts";
-export type {
-  SnykOptions,
-  SnykFindOneParameters
-} from "./snyk.ts";
-
 export { Sonatype } from "./sonatype.ts";
 export type {
   SonatypeOptions,

src/database/index.ts

@@ -8,7 +8,6 @@ import type {
 } from "./index.ts";
 import type {
   SonatypeVulnerability,
-  SnykVulnerability,
   NpmAuditAdvisory,
   PnpmAuditAdvisory
 } from "../../index.ts";
@@ -144,60 +143,6 @@ function mapFromPnpm(
   };
 }
 
-function mapFromSnyk(
-  vuln: SnykVulnerability
-): OSV {
-  return {
-    id: vuln.id,
-    modified: vuln.publicationTime,
-    published: vuln.disclosureTime ?? vuln.publicationTime,
-    aliases: vuln.identifiers.CVE ?? [],
-    upstream: [],
-    summary: vuln.title,
-    details: vuln.description,
-    severity: [
-      { type: "CVSS_V3", score: vuln.CVSSv3 }
-    ],
-    affected: [
-      {
-        package: {
-          ecosystem: "npm",
-          name: vuln.package,
-          purl: toPurl(vuln.package)
-        },
-        severity: [],
-        ranges: vuln.semver.vulnerable.map((range) => {
-          return {
-            type: "SEMVER",
-            events: semverRangeToOsvEvents(range),
-            database_specific: {}
-          };
-        }),
-        versions: vuln.functions.flatMap((f) => f.version),
-        ecosystem_specific: {},
-        database_specific: {}
-      }
-    ],
-    references: [
-      {
-        type: "WEB",
-        url: vuln.url
-      }
-    ],
-    credits: vuln.credit.map((name) => {
-      return {
-        name,
-        contact: [],
-        type: "FINDER" as const
-      };
-    }),
-    database_specific: {
-      severity: vuln.severity,
-      cvssScore: vuln.cvssScore
-    }
-  };
-}
-
 function mapFromSonatype(
   vuln: SonatypeVulnerability
 ): OSV {
@@ -249,6 +194,5 @@ function mapFromSonatype(
 export const OSV_VULN_MAPPERS = Object.freeze({
   [VULN_MODE.GITHUB_ADVISORY]: mapFromNPM,
   "github-advisory_pnpm": mapFromPnpm,
-  [VULN_MODE.SNYK]: mapFromSnyk,
   [VULN_MODE.SONATYPE]: mapFromSonatype
 });

src/database/snyk.ts

@@ -15,7 +15,7 @@ export interface StandardPatch {
 export interface StandardVulnerability {
   /** Unique identifier for the vulnerability **/
   id?: string;
-  /** Vulnerability origin, either Snyk, Sonatype, GitHub or NodeSWG **/
+  /** Vulnerability origin, either Sonatype, GitHub or OSV **/
   origin: Exclude<Kind, "none">;
   /** Package associated with the vulnerability **/
   package: string;