TrustSource node client - node module to transfer dependency information to TrustSource server.

Package now support package-lock.json v.3

Package now support yarn v.2+

Package now is not including npm anymore. The addition has been done due to missing programmatic API in npm >= 8.0.0 and in order to skip deprecated dependencies

This change affects the structure of scans slightly, but it heavily improves the scanner.

• node >= 12.0.0 use ts-node-client@3.1.+*

• node >= 8.9.0
• npm < 8.0.0 use ts-node-client@1.*
• npm >= 8.0.0 use ts-node-client@2.*

Run: npm install --save-dev ts-node-client or yarn add --dev ts-node-client

You can add install_and_scan script to the package.json file to install and transfer dependency information using one command npm run install_and_scan:

"scripts": {
  "install_and_scan": "npm install && ts-node-client -k apiKey -p Project"
},

To store your credentials for automated transfer you may create .tsrc.json in your project directory or in your home directory to set credentials globally (not recommended!)

.tsrc.json example:

{
  "apiKey": "apiKey",
  "url": "https://app.trustsource.io",
  "project": "Project Description"
}

You also may initiate transfer to TrustSource server manually by executing following command via terminal:

node_modules/.bin/ts-node-client
node_modules/.bin/ts-node-client -k apiKey -p Project --breakOnWarnings false --breakOnViolations true
node_modules/.bin/ts-node-client -c config.json 

npm / node module to transfer dependency information to TrustSource server.

Options:
  --apiKey, -k    apiKey                                             [default: null]
  --project, -p   Project name                                       [default: null]
  --branch, -b    Scan branch                                        [default: null]
  --tag, -t       Scan tag                                           [default: null]
  --binaryLinks   Binary links separated by comma                    [default: null]
  --url           url                                                [default: null]
  --config, -c    Config path                                        [default: null]
  --proxy         Proxy url like 'https://user:password@host:port'   [default: null]
  --version       Prints a version                                   [default: null]
  --saveAs, -o              Save as file (file name prefix)          [default: null]
  --saveAsFormat, -f      Save as format (scan / cydx / spdx)       [default: null]
  --debug                                                            [default: null]
  --simulate                                                         [default: null]
  --includeDevDependencies                                           [default: null]
  --meteor                                                           [default: null]
  --breakOnWarnings                                                  [default: null]
  --breakOnViolations                                                [default: null]
  --help          Prints a usage statement                           [boolean]

PLEASE NOTE: if you want to pass param into function you should add value, for example:

--breakOnViolations true or --saveAs sbom

View SBOM

You should upgrade to 2.* versions of ts-node-client

• npm.ls cli -> package-lock.json parse
• npm removed
• updated dependencies

• Migrate 1.6.* - 1.8.* changes to version 2.1
• Bump dependencies

• Support new scan tool and fix problem with programmatic API for >= npm@8.0.0
• Stop usage of global-npm until we find new resolution
• Get back npm as local dependency

• SBOM
• --saveAs and --saveAsFormat
• Bump minimist from 1.2.5 to 1.2.6
• Bump urijs from 1.19.10 to 1.19.11
• replace packageurl-js with simple local function
• improve docs

• request -> axios
• fix dependencies
• doc fixes

• --breakOnWarnings and --breakOnViolations
• Bump devDependencies

• Describe Error: The programmatic API was removed in npm v8.0.0
• Bump devDependencies
• Introduce sonarjs

• Bump glob-parent from 5.1.1 to 5.1.2
• Bump path-parse from 1.0.6 to 1.0.7
• Bump lodash from 4.17.19 to 4.17.21
• Bump y18n from 4.0.0 to 4.0.1
• Added:
  • option --includeDevDependencies. It is allow to scan dev dependencies

• Use global-npm (meaning npm is no longer a dependency of ts-node-client)

• Added:
  • option --brakeOnViolations. It is fail build in case any violations after scan transferred.
  • option --brakeOnWarnings. It is fail build in case any warning after scan transferred.

• userName is not required param for scans
• Support usage of scan meta param binaryLinks inside Options definition

• Node JS and dependencies updates "node": ">= 8.12.0"

• Improve variable usage and tasks migration
• Support usage of scan meta params: branch and tag inside Options definition
• Skip npmDependency without names
• Update travis config
• Update dependency to resolve vulnerabilities

• Added proxy support and config
• Update travis config
• Updated README.md with app.trustsource.io
• Updated default url to app.trustsource.io
• Added windows support
• Fixed json
• Removed:
  • options: --credentials and --credentialsFile instead you should use --config.
  • option --baseUrl instead you should use --url.
• Added:
  • option --config. It is similar to credentials, but it will contain any config information.
  • option --url. It is similar to baseUrl.
  • option --apiKey and --userName so it will be unnecessary to create .tsrc.json file.
  • options --version and --help.
  • options shortcut.

Apache-2.0