@@ -46,6 +46,7 @@ if (!SOCKET_API_KEY) {
4646}
4747
4848const scannerImplementation = SOCKET_API_KEY ? authenticated ( SOCKET_API_KEY ) : unauthenticated ( )
49+ const purlRegex = / ^ p k g : n p m \/ ( (?: @ [ ^ / ] + \/ ) ? (?: [ ^ @ ] + ) ) @ ( .+ ) $ /
4950
5051export const scanner : Bun . Security . Scanner = {
5152 version : '1' ,
@@ -59,27 +60,38 @@ export const scanner: Bun.Security.Scanner = {
5960 for ( const artifact of artifacts ) {
6061 if ( artifact . alerts && artifact . alerts . length > 0 ) {
6162 for ( const alert of artifact . alerts ) {
62- let description = ''
63+ const description = [ '' ]
6364
6465 if ( alert . type === 'didYouMean' ) {
65- description = `This package could be a typo-squatting attempt of another package (${ alert . props . alternatePackage } ).`
66+ description . push ( `This package could be a typo-squatting attempt of another package (${ alert . props . alternatePackage } ).` )
6667 }
68+
6769 if ( alert . props . description ) {
68- description = description ? ` ${ description } \n\n ${ alert . props . description } ` : alert . props . description
70+ description . push ( alert . props . description )
6971 }
72+
7073 if ( alert . props . note ) {
71- description = description ? ` ${ description } \n\n ${ alert . props . note } ` : alert . props . note
74+ description . push ( alert . props . note )
7275 }
76+
7377 const fix = alert . fix ?. description
78+
7479 if ( fix ) {
75- description = description ? ` ${ description } \n\nFix: ${ fix } ` : ` Fix: ${ fix } `
80+ description . push ( ` Fix: ${ fix } `)
7681 }
7782
83+ const match = artifact . inputPurl . match ( purlRegex ) ;
84+
85+ const name = match [ 1 ] ;
86+ const version = match [ 2 ] ;
87+
88+ const url = `\nhttps://socket.dev/npm/package/${ name } /overview/${ version } `
89+
7890 results . push ( {
7991 level : alert . action === 'error' ? 'fatal' : 'warn' ,
8092 package : artifact . inputPurl ,
81- url : null ,
82- description
93+ url,
94+ description : description . join ( '\n\n' )
8395 } )
8496 }
8597 }
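Review bot: `match` is dereferenced unguarded at `const name = match [ 1 ]` — `String.prototype.match` returns null whenever `artifact.inputPurl` does not fit `purlRegex` (no `@version` suffix, or a non-npm purl), so one such artifact throws a TypeError inside the alert loop and aborts the whole scan instead of reporting the alert; with `strictNullChecks` this line should not even compile. Since the removed line emitted `url: null` for every result, the natural fallback keeps that behaviour: `const match = artifact.inputPurl.match(purlRegex)` followed by `const url = match ? \`https://socket.dev/npm/package/${match[1]}/overview/${match[2]}\` : null`. Two smaller points in the same hunk: `description` starts as `['']`, so `join('\n\n')` prefixes every populated message with a blank line (the old code only placed the separator between non-empty parts) — `const description: string[] = []` restores that — and the leading `\n` baked into the url template belongs to whatever renders the result, not to the value. The name captured by `purlRegex` (declared in the earlier hunk) is interpolated verbatim and its `[^@]+` part admits slashes and other path characters; if the url is shown to users, encoding the segments with `encodeURIComponent` (per path segment, keeping the scope separator) stops an unusual package name from reshaping the displayed link — I cannot tell from the hunk whether `inputPurl` is already normalized upstream.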