feat(scanner): add node dependencies extractor probe (#446)

clemgbld · web-flow · commit 08fa1586b0cc · 2025-06-17T12:00:29.000+02:00
diff --git a/.changeset/large-tools-peel.md b/.changeset/large-tools-peel.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": minor
+---
+
+feat(extractors): add node dependencies extractor
diff --git a/workspaces/scanner/docs/extractors.md b/workspaces/scanner/docs/extractors.md
@@ -38,6 +38,7 @@ Available probes include:
 | Vulnerabilities | packument |
 | Warnings | manifest |
 | Extentions | manifest |
+| NodeDependencies | manifest |
 
 All probes follow the same `ProbeExtractor` interface, which acts as an iterator-like contract:
 
diff --git a/workspaces/scanner/src/extractors/probes/NodeDependenciesExtractor.class.ts b/workspaces/scanner/src/extractors/probes/NodeDependenciesExtractor.class.ts
@@ -0,0 +1,33 @@
+
+// Import Internal Dependencies
+import type {
+  ManifestProbeExtractor
+} from "../payload.js";
+import type { DependencyVersion } from "../../types.js";
+
+export type NodeDependenciesResult = {
+  nodeDeps: string[];
+};
+
+export class NodeDependencies implements ManifestProbeExtractor<NodeDependenciesResult> {
+  level = "manifest" as const;
+
+  #nodeDeps = new Set<string>();
+
+  next(
+    _: string,
+    version: DependencyVersion
+  ) {
+    const { composition } = version;
+
+    composition.required_nodejs.forEach((dep) => {
+      this.#nodeDeps.add(dep);
+    });
+  }
+
+  done() {
+    return {
+      nodeDeps: [...this.#nodeDeps]
+    };
+  }
+}
diff --git a/workspaces/scanner/src/extractors/probes/index.ts b/workspaces/scanner/src/extractors/probes/index.ts
@@ -5,3 +5,4 @@ export * from "./WarningsExtractor.class.js";
 export * from "./VulnerabilitiesExtractor.class.js";
 export * from "./FlagsExtractor.class.js";
 export * from "./ExtensionsExtractor.class.js";
+export * from "./NodeDependenciesExtractor.class.js";
diff --git a/workspaces/scanner/test/extractors/payload.spec.ts b/workspaces/scanner/test/extractors/payload.spec.ts
@@ -416,4 +416,34 @@ describe("Extractors.Callbacks", () => {
       });
     });
   });
+
+  describe("NodeDependencies", () => {
+    const extractor = new Extractors.Payload(
+      expressNodesecurePayload,
+      [
+        new Extractors.Probes.NodeDependencies()
+      ]
+    );
+
+    const { nodeDeps } = extractor.extractAndMerge();
+
+    assert.deepEqual(nodeDeps.sort(), [
+      "stream",
+      "tty",
+      "util",
+      "fs",
+      "net",
+      "crypto",
+      "assert",
+      "http",
+      "path",
+      "buffer",
+      "url",
+      "async_hooks",
+      "events",
+      "zlib",
+      "string_decoder",
+      "querystring"
+    ].sort());
+  });
 });

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@nodesecure/scanner": minor
 +---
++
 +feat(extractors): add node dependencies extractor