TrustSource node client - node module to transfer dependency information to TrustSource server.
The package now supports package-lock.json v.3
The package now supports yarn v.2+
The package no longer includes npm. This was done because npm >= 8.0.0 has no programmatic API, and in order to skip deprecated dependencies.
This change affects the structure of scans slightly, but it heavily improves the scanner.
- node >= 12.0.0 use ts-node-client@3.1.+*
- node >= 8.9.0
- npm < 8.0.0 use ts-node-client@1.*
- npm >= 8.0.0 use ts-node-client@2.*
Run: npm install --save-dev ts-node-client
or yarn add --dev ts-node-client
You can add an install_and_scan script to the package.json file to install and transfer dependency information with one command, npm run install_and_scan:
"scripts": {
  "install_and_scan": "npm install && ts-node-client -k apiKey -p Project"
},
To store your credentials for automated transfer you may create .tsrc.json in your project directory or in your home directory to set credentials globally (not recommended!)
.tsrc.json example:
{
  "apiKey": "apiKey",
  "url": "https://app.trustsource.io",
  "project": "Project Description"
}
You may also initiate the transfer to the TrustSource server manually by executing one of the following commands in a terminal:
node_modules/.bin/ts-node-client
node_modules/.bin/ts-node-client -k apiKey -p Project --breakOnWarnings false --breakOnViolations true
node_modules/.bin/ts-node-client -c config.json
npm / node module to transfer dependency information to TrustSource server.
Options:
--apiKey, -k apiKey [default: null]
--project, -p Project name [default: null]
--branch, -b Scan branch [default: null]
--tag, -t Scan tag [default: null]
--binaryLinks Binary links separated by comma [default: null]
--url url [default: null]
--config, -c Config path [default: null]
--proxy Proxy url like 'https://user:password@host:port' [default: null]
--version Prints a version [default: null]
--saveAs, -o Save as file (file name prefix) [default: null]
--saveAsFormat, -f Save as format (scan / cydx / spdx) [default: null]
--debug [default: null]
--simulate [default: null]
--includeDevDependencies [default: null]
--meteor [default: null]
--breakOnWarnings [default: null]
--breakOnViolations [default: null]
--help Prints a usage statement [boolean]
PLEASE NOTE: if you want to pass a param into the function you should add a value, for example: --breakOnViolations true or --saveAs sbom
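One way to keep the API key out of package.json and off the command line in CI, as an added example that is not part of ts-node-client: it writes a temporary config with owner-only permissions and passes it with -c. TS_API_KEY, TS_PROJECT and TS_URL are assumed variable names, and the file given to -c is assumed to take the same keys as the .tsrc.json example.

```shell
#!/bin/sh
# Added example, not part of ts-node-client.
# TS_API_KEY, TS_PROJECT and TS_URL are assumed CI secret/variable names.

# Write a config with the keys from the .tsrc.json example, readable by the owner only.
write_ts_config() {
    out=$1
    nl='
'
    [ -n "${TS_API_KEY:-}" ] || { echo "TS_API_KEY is not set" >&2; return 1; }
    [ -n "${TS_PROJECT:-}" ] || { echo "TS_PROJECT is not set" >&2; return 1; }
    url=${TS_URL:-https://app.trustsource.io}
    # Refuse quotes, backslashes and newlines rather than emit broken JSON.
    case "$TS_API_KEY$TS_PROJECT$url" in
        *'"'*|*\\*|*"$nl"*) echo "unsupported character in config value" >&2; return 1 ;;
    esac
    (
        umask 077
        : > "$out" && chmod 600 "$out" &&
        printf '{\n  "apiKey": "%s",\n  "url": "%s",\n  "project": "%s"\n}\n' \
            "$TS_API_KEY" "$url" "$TS_PROJECT" > "$out"
    )
}

# Scan with a temporary config so the key never appears in argv or package.json.
run_scan() {
    dir=$(mktemp -d) || return 1      # mktemp -d creates the directory with mode 0700
    rc=0
    {
        write_ts_config "$dir/config.json" &&
        node_modules/.bin/ts-node-client -c "$dir/config.json" --breakOnViolations true
    } || rc=$?
    rm -rf "$dir"                     # remove the key from disk even when the scan fails
    return "$rc"
}

# Usage: sh scan.sh scan
if [ "${1:-}" = "scan" ]; then
    run_scan
fi
```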
You should upgrade to 2.* versions of ts-node-client
- npm.ls cli -> package-lock.json parse
- npm removed
- updated dependencies
- Migrate 1.6.* - 1.8.* changes to version 2.1
- Bump dependencies
- Support new scan tool and fix problem with programmatic API for >= npm@8.0.0
- Stop usage of global-npm until we find new resolution
- Get back npm as local dependency
- SBOM
- --saveAs and --saveAsFormat
- Bump minimist from 1.2.5 to 1.2.6
- Bump urijs from 1.19.10 to 1.19.11
- replace packageurl-js with simple local function
- improve docs
- request -> axios
- fix dependencies
- doc fixes
- --breakOnWarnings and --breakOnViolations
- Bump devDependencies
- Describe Error: The programmatic API was removed in npm v8.0.0
- Bump devDependencies
- Introduce sonarjs
- Bump glob-parent from 5.1.1 to 5.1.2
- Bump path-parse from 1.0.6 to 1.0.7
- Bump lodash from 4.17.19 to 4.17.21
- Bump y18n from 4.0.0 to 4.0.1
- Added:
  - option --includeDevDependencies. It allows scanning dev dependencies.
- Use global-npm (meaning npm is no longer a dependency of ts-node-client)
- Added:
  - option --brakeOnViolations. It fails the build if there are any violations after the scan is transferred.
  - option --brakeOnWarnings. It fails the build if there are any warnings after the scan is transferred.
- userName is not required param for scans
- Support usage of scan meta param binaryLinks inside Options definition
- Node JS and dependencies updates "node": ">= 8.12.0"
- Improve variable usage and tasks migration
- Support usage of scan meta params: branch and tag inside Options definition
- Skip npmDependency without names
- Update travis config
- Update dependency to resolve vulnerabilities
- Added proxy support and config
- Update travis config
- Updated README.md with app.trustsource.io
- Updated default url to app.trustsource.io
- Added windows support
- Fixed json
- Removed:
  - options --credentials and --credentialsFile; use --config instead.
  - option --baseUrl; use --url instead.
- Added:
  - option --config. It is similar to credentials, but it can contain any config information.
  - option --url. It is similar to baseUrl.
  - options --apiKey and --userName, so it is no longer necessary to create a .tsrc.json file.
  - options --version and --help.
  - option shortcuts.