refactor: migrate to TypeScript (#88)

* chore: migrate to ts

* refactor: complete migration

---------

Co-authored-by: fraxken <[email protected]>

FLAGS.md

@@ -35,11 +35,11 @@ Documentation: [npm-install](https://docs.npmjs.com/cli/install)
 
 The package use a Node.js core package that allow to access the network. These core package are:
 
-*   \- http
-*   \- https
-*   \- net
-*   \- http2
-*   \- dgram
+*   http
+*   https
+*   net
+*   http2
+*   dgram
 
 ⚠️ This flag only work if the AST analysis as successfully retrieved all dependencies as expected.
 
@@ -80,20 +80,7 @@ Minified JavaScript code are commonly used by hacker to obfuscate the code to av
 Example of minified code:
 
 
-![](https://i.imgur.com/13Mxfb2.png)  
-
-⚠️ sometimes one line file are considered minified (we are working to fix this in the future).
-
-
-
-Under the hood we use the npm package [is-minified-code](https://github.com/MartinKolarik/is-minified-code/).
-
-
-
-Files can be found in the **Minified Files** list items of the left menu.
-
-
-![](https://i.imgur.com/e8BbBeb.png)</details><details><summary>👀 hasMissingOrUnusedDependency</summary>
+![](https://i.imgur.com/13Mxfb2.png)</details><details><summary>👀 hasMissingOrUnusedDependency</summary>
 
 The package has a missing dependency (in package.json) or a dependency that is not used in the code (this may happen if the AST Analysis fail!)
 
@@ -109,7 +96,7 @@ Example: ISC OR GPL-2.0-with-GCC-exception.
 
 
 
-Under the hood we use [conformance](https://github.com/cutenode/conformance#readme) to parse licenses !
+Under the hood we use [@nodesecure/licenses-conformance](https://github.com/NodeSecure/licenses-conformance) to assert licenses conformance!
 
 </details><details><summary>🐲 hasNativeCode</summary>
 
@@ -119,9 +106,9 @@ The package use native components (package, file, configuration) like **binding.
 
 The flag is set to true if:
 
-*   \- One of the package file has an extension like .c, .cpp, .gyp (etc..)
-*   \- One of the package dependency is known for building native addons.
-*   \- The package.json file has the property "gypfile" set to **true**.
+*   One of the package file has an extension like .c, .cpp, .gyp (etc..)
+*   One of the package dependency is known for building native addons.
+*   The package.json file has the property "gypfile" set to **true**.
 
 </details><details><summary>📜 hasNoLicense</summary>
 
@@ -135,10 +122,6 @@ The code and logic behind the detection is handled in the [npm-tarball-license-p
 
 For more information on how license must be described in the package.json, please check the [npm documentation](https://docs.npmjs.com/files/package.json#license).
 
-
-
-⚠️ we are working to stabilize this flag !
-
 </details><details><summary>📦 hasScript</summary>
 
 The package has pre and/or post script in the **package.json** file. These script will be executed before or after the installation of a dependency (this is useful for example to build native addons or similar things). However these script may be used to execute malicious code on your system.
@@ -148,7 +131,18 @@ The package has pre and/or post script in the **package.json** file. These scrip
 
 </details><details><summary>🚨 Vulnerabilities</summary>
 
-Vulnerabilities has been detected for the given package **version**. We are fetching vulnerabilities from the official [Node.js Security-WG repository](https://github.com/nodejs/security-wg)
+Vulnerabilities has been detected for the given package **version**. We are fetching vulnerabilities from multiple sources using NodeSecure [vulnera](https://github.com/NodeSecure/vulnera).
+
+
+
+Available source are
+
+*   GitHub Audit (previously NPM Audit)
+*   Sonatype DB
+*   Snyk
+*   Node.js Security-WG DB **(DEPRECATED)**
+
+We currently working to implement NVD and [OSV](https://osv.dev/).
 
 </details><details><summary>⚠ hasWarnings</summary>
 
@@ -180,6 +174,11 @@ Indicate that the package is **also used somewhere else in the dependency tree**
 The project has been detected as a GIT repository. Sometimes a dependency on the package.json link to a GIT repository, example:
 
 
+
+      `{           "dependencies": {             "zen-observable": "^0.8.15",             "nanoid": "github:ai/nanoid",             "js-x-ray": "git://github.com/NodeSecure/js-x-ray.git",             "nanodelay": "git+ssh://[email protected]:ai/nanodelay.git",             "nanoevents": "git+https://github.com/ai/nanoevents.git"           }         }`
+      
+
+
 ![](https://i.imgur.com/ww4UtyR.png)  
 
 Because under the hood we use [pacote](https://github.com/npm/pacote#readme) to fetch and extract packages we are supporting this given pattern.
@@ -196,4 +195,4 @@ This can happen, for example, when the package uses **tags** such as:
 *   @beta
 *   @next
 
-</details>
+</details>

README.md

@@ -22,7 +22,7 @@
 
 ## Requirements
 
-- [Node.js](https://nodejs.org/en/) v18 or higher
+- [Node.js](https://nodejs.org/en/) v20 or higher
 
 ## Getting Started
 

eslint.config.mjs

@@ -0,0 +1,3 @@
+import { typescriptConfig } from "@openally/config.eslint";
+
+export default typescriptConfig();

package.json

@@ -1,57 +1,58 @@
-{
-  "name": "@nodesecure/flags",
-  "version": "2.4.0",
-  "description": "NodeSecure security flags",
-  "scripts": {
-    "test": "node --test test/",
-    "coverage": "c8 -r html npm test",
-    "lint": "eslint index.js",
-    "generateFlags": "node scripts/generateFlags.js"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/NodeSecure/flags.git"
-  },
-  "keywords": [
-    "nodesecure",
-    "flags",
-    "documentation"
-  ],
-  "exports": {
-    ".": {
-      "import": "./index.js"
-    },
-    "./web": {
-      "types": "./web.d.ts",
-      "import": "./src/web.js"
-    },
-    "./package.json": "./package.json"
-  },
-  "types": "./index.d.ts",
-  "modes": {
-    "web": "src/web.js"
-  },
-  "author": "GENTILHOMME Thomas <[email protected]>",
-  "files": [
-    "index.d.ts",
-    "index.js",
-    "web.d.ts",
-    "src",
-    "FLAGS.md"
-  ],
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/NodeSecure/flags/issues"
-  },
-  "homepage": "https://github.com/NodeSecure/flags#readme",
-  "devDependencies": {
-    "@nodesecure/eslint-config": "^1.8.0",
-    "c8": "^10.1.2",
-    "eslint": "^9.9.0",
-    "turndown": "^7.1.2"
-  },
-  "type": "module",
-  "engines": {
-    "node": ">=18"
-  }
-}
+{
+  "name": "@nodesecure/flags",
+  "version": "2.4.0",
+  "description": "NodeSecure security flags",
+  "scripts": {
+    "test": "glob -c \"tsx --test\" \"./test/**/*.spec.ts\"",
+    "coverage": "c8 -r html npm test",
+    "lint": "eslint index.js",
+    "generateFlags": "tsx scripts/generateFlags.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NodeSecure/flags.git"
+  },
+  "keywords": [
+    "nodesecure",
+    "flags",
+    "documentation"
+  ],
+  "exports": {
+    ".": {
+      "import": "./index.js"
+    },
+    "./web": {
+      "types": "./web.d.ts",
+      "import": "./src/web.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "types": "./dist/index.d.ts",
+  "modes": {
+    "web": "src/web.js"
+  },
+  "author": "GENTILHOMME Thomas <[email protected]>",
+  "files": [
+    "dist"
+  ],
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NodeSecure/flags/issues"
+  },
+  "homepage": "https://github.com/NodeSecure/flags#readme",
+  "devDependencies": {
+    "@openally/config.eslint": "^1.0.0",
+    "@openally/config.typescript": "^1.0.3",
+    "@types/node": "^22.2.0",
+    "@types/turndown": "^5.0.5",
+    "c8": "^10.1.2",
+    "glob": "^11.0.0",
+    "tsx": "^4.17.0",
+    "turndown": "^7.1.2",
+    "typescript": "^5.5.4"
+  },
+  "type": "module",
+  "engines": {
+    "node": ">=20"
+  }
+}

scripts/generateFlags.ts

@@ -0,0 +1,50 @@
+// Import Node.js Dependencies
+import path from "node:path";
+import fs from "node:fs/promises";
+import { fileURLToPath } from "node:url";
+
+// Import Third-party Dependency
+import TurndownService from "turndown";
+
+// CONSTANTS
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const kRootPath = path.join(__dirname, "..");
+
+const turndownService = new TurndownService();
+
+turndownService.addRule("h1", {
+  filter: "h1",
+  replacement: (content) => `<summary>${content}</summary>`
+});
+turndownService.addRule("div", {
+  filter: "div",
+  replacement: (content) => `<details>${content}</details>`
+});
+
+const { flags, headerTemplate } = await loadHTMLs();
+await fs.writeFile(
+  path.join(kRootPath, "FLAGS.md"),
+  headerTemplate.concat(
+    turndownService.turndown(flags)
+  )
+);
+
+async function loadHTMLs() {
+  const HTMLFlagsLocation = path.join(kRootPath, "src", "flags");
+  const HTMLFlagsEntries = await fs.readdir(HTMLFlagsLocation);
+
+  const [headerTemplate, ...HTMLFlagsFiles] = await Promise.all([
+    fs.readFile(
+      path.join(__dirname, "template", "flagDocHeader.md"),
+      "utf-8"
+    ),
+    ...HTMLFlagsEntries.map(
+      (file) => fs.readFile(path.join(HTMLFlagsLocation, file), "utf-8")
+    )
+  ]);
+
+  return {
+    flags: HTMLFlagsFiles.join(""),
+    headerTemplate
+  }
+}

src/index.ts

@@ -0,0 +1,2 @@
+export * from "./node.js";
+export * from "./web.js";

src/manifest.js → src/manifest.ts

@@ -1,6 +1,13 @@
-/* eslint-disable max-len */
+export type FlagDescriptor = {
+  /** An emoji to visually identify the anomaly **/
+  emoji: string;
+  /** Title (or name) of the flag **/
+  title: string;
+  /** Short description/warning of the anomaly **/
+  tooltipDescription: string;
+};
+export type Flag = keyof typeof FLAGS | (string & {});
 
-/** @type {flags.Manifest} **/
 export const FLAGS = {
   externalCapacity: {
     emoji: "🌍",
@@ -92,4 +99,4 @@ export const FLAGS = {
     title: "isDuplicated",
     tooltipDescription: "The package is also used somewhere else in the dependency tree but with a different version"
   }
-};
+} satisfies Record<string, FlagDescriptor>;