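def test_npm_confusion_risks():
    """A private package whose name also resolves on the public registry must be flagged.

    Loads the ``cdxgen-metadata.json`` fixture and scores it with the second
    positional argument set to ``True`` (presumably the "package is private"
    flag that drives the dependency-confusion check -- confirm against
    ``npm_pkg_risk``). The version-count heuristic must stay quiet so the
    confusion signal is not masked by an unrelated one.
    """
    fixture_path = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), "data", "cdxgen-metadata.json"
    )
    # Pin the encoding: a JSON fixture must not decode differently per locale.
    with open(fixture_path, encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    risk_metrics = npm_pkg_risk(pkg_metadata, True, None)
    assert risk_metrics["pkg_private_on_public_registry_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]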
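def test_npm_risks():
    """Deprecation, staleness and engine-constraint risks are detected from real metadata.

    Two fixtures are scored with the private flag off (second argument
    ``False``):

    * ``bcrypt-metadata.json`` -- expected to raise the deprecated-package and
      the ``latest_now_max_seconds`` (time-since-last-publish) risks.
    * ``ebparser-metadata.json`` -- expected to raise only the node-version
      risk, with the deprecated and version-count risks clear.

    NOTE(review): ``latest_now_max_seconds_risk`` appears to compare the
    fixture's publish time with the current clock, so it only holds while the
    fixture stays "old enough" -- confirm the threshold in ``npm_pkg_risk``
    if this assertion ever flips.
    """
    data_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "data")

    # Pin the encoding so fixture decoding does not depend on the locale.
    with open(os.path.join(data_dir, "bcrypt-metadata.json"), encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    risk_metrics = npm_pkg_risk(pkg_metadata, False, None)
    assert risk_metrics["pkg_deprecated_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]
    assert risk_metrics["latest_now_max_seconds_risk"]

    with open(os.path.join(data_dir, "ebparser-metadata.json"), encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    risk_metrics = npm_pkg_risk(pkg_metadata, False, None)
    assert risk_metrics["pkg_node_version_risk"]
    assert not risk_metrics["pkg_deprecated_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]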
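from __future__ import annotations

import json
import sys

import requests

from depscan.lib.pkg_query import npm_pkg_risk

# Query parameters for the CouchDB-style ``_changes`` feed of the npm replica:
# polling interval, batch size, and ``include_docs`` so every change carries
# the full package document that ``npm_pkg_risk`` scores.
settings = {"interval": "1000", "count": "50", "include_docs": "true"}
url = "https://replicate.npmjs.com/_changes"

# Only packages scoring above this value are reported.
RISK_THRESHOLD = 0.6

# Cap on how much of a malformed feed line is echoed to stderr: the feed is
# public, untrusted input and a single document can be very large.
_ERR_PREVIEW = 200


def _parse_change(raw_line: bytes) -> dict | None:
    """Decode one line of the ``_changes`` feed into a change object.

    The feed is a JSON array streamed one element per line, so most element
    lines end in a trailing comma that must be dropped before parsing. The
    wrapper lines (``{"results":[`` and the closing ``]``) are not objects and
    yield ``None``; genuinely malformed lines are reported on stderr (truncated)
    and also yield ``None`` so one bad record cannot stop the stream.
    """
    text = raw_line.decode("utf-8", errors="replace").strip().rstrip(",")
    if not text.startswith("{") or not text.endswith("}"):
        # Array wrapper / partial line: nothing to score.
        return None
    try:
        obj = json.loads(text)
    except json.JSONDecodeError as e:
        print(f"skipping malformed feed line ({e}): {text[:_ERR_PREVIEW]!r}", file=sys.stderr)
        return None
    return obj if isinstance(obj, dict) else None


def main() -> None:
    """Stream the npm changes feed and print packages whose risk score exceeds the threshold.

    The response is consumed as a context manager so the streamed connection is
    closed on exit, and a non-2xx status is raised instead of being parsed as
    feed data. Scoring errors for an individual package are reported on stderr
    and the stream continues.
    """
    with requests.get(url, params=settings, stream=True, timeout=30) as r:
        r.raise_for_status()
        for raw in r.iter_lines():
            if not raw:
                continue
            change = _parse_change(raw)
            if change is None:
                continue
            npm_pkg = change.get("id")
            doc = change.get("doc")
            if doc is None:
                # No document attached (e.g. a deleted entry): nothing to score.
                continue
            try:
                risk_metrics = npm_pkg_risk(doc, False, None)
            except Exception as e:  # one bad document must not abort the whole stream
                print(f"{npm_pkg}: risk scoring failed: {e}", file=sys.stderr)
                continue
            if risk_metrics and risk_metrics.get("risk_score", 0) > RISK_THRESHOLD:
                print(npm_pkg, risk_metrics)


if __name__ == "__main__":
    main()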