feat(cli): add extract integrity command (#543)

Author: clemgbld

README.md

@@ -111,6 +111,7 @@ For complete details on each command, refer to the following documents:
 - [`config create`](./docs/cli/config.md)
 - [`config`](./docs/cli/config.md)
 - [`cache`](./docs/cli/cache.md)
+- [`extract integrity`](./docs/cli/extract-integrity.md)
 
 Each link provides access to the full documentation for the command, including additional details, options, and usage examples.
 

bin/index.js

@@ -128,6 +128,12 @@ prog
   .describe(i18n.getTokenSync("cli.commands.cache.desc"))
   .action(commands.cache.main);
 
+prog
+  .command("extract integrity [spec]")
+  .describe(i18n.getTokenSync("cli.commands.extractIntegrity.desc"))
+  .option("-t, --token", i18n.getTokenSync("cli.commands.extractIntegrity.option_token"))
+  .action(commands.extractIntegrity.main);
+
 prog.parse(process.argv);
 
 function defaultScannerCommand(name, options = {}) {

docs/cli/extract-integrity.md

@@ -0,0 +1,15 @@
+# 📂 Command `extract integrity`
+
+The `extract integrity` extract the integrity of a package from its manifest and tarball and compare the two integrities if different from one another.
+
+## 📜 Syntax
+
+```bash
+$ nsecure extract integrity [spec]
+```
+
+## ⚙️ Available Options
+
+| Name | Shortcut | Default Value | Description |
+|---|---|---|---|
+| `--token` | `-t` | undefined | NPM token. |

i18n/english.js

@@ -76,6 +76,10 @@ const cli = {
       cacheTitle: "NodeSecure Cache:",
       scannedPayloadsTitle: "Scanned payloads available on disk:",
       cleared: "Cache cleared successfully!"
+    },
+    extractIntegrity: {
+      desc: "Extract the integrity of a package from its manifest and tarball and compare the two integrities if different from one another.",
+      option_token: "NPM token"
     }
   },
   startHttp: {

i18n/french.js

@@ -76,6 +76,10 @@ const cli = {
       cacheTitle: "Cache NodeSecure:",
       scannedPayloadsTitle: "Payloads scannés disponibles sur le disque:",
       cleared: "Cache nettoyé avec succès !"
+    },
+    extractIntegrity: {
+      desc: "Extraire l'intégrité d'un paquet à partir de son manifeste et du tarball et comparer les deux intégrités si elles sont différentes.",
+      option_token: "Jeton NPM"
     }
   },
   startHttp: {

package.json

@@ -108,6 +108,7 @@
     "@topcli/spinner": "^3.0.0",
     "cacache": "^19.0.1",
     "chokidar": "^4.0.3",
+    "diff": "^8.0.2",
     "dotenv": "^17.0.0",
     "filenamify": "^6.0.0",
     "glob": "^11.0.1",

src/commands/extract-integrity.js

@@ -0,0 +1,37 @@
+// Import Third-party Dependencies
+import kleur from "kleur";
+import { diffChars } from "diff";
+import { packumentVersion } from "@nodesecure/npm-registry-sdk";
+import { tarball } from "@nodesecure/scanner";
+
+export async function main(spec, options) {
+  const [pkgName, pkgVersion] = spec.split("@");
+  const { dist: { tarball: location, shasum: manifestIntegrity } } = await packumentVersion(pkgName, pkgVersion, {
+    token: options.token
+  });
+  const manifestManager = await tarball.extractAndResolve(location, {
+    spec
+  });
+  const tarballIntegrity = manifestManager.integrity;
+  if (manifestIntegrity === tarballIntegrity) {
+    console.log(`integrity: ${manifestIntegrity}`);
+
+    return;
+  }
+
+  console.log(`manifest integrity: ${manifestIntegrity}`);
+  console.log(`tarball integrity: ${tarballIntegrity}`);
+  process.stdout.write("integrity diff: ");
+  for (const { added, removed, value } of diffChars(manifestIntegrity, tarballIntegrity)) {
+    if (added) {
+      process.stdout.write(kleur.green().bold(`+${value}`));
+    }
+    else if (removed) {
+      process.stdout.write(kleur.red().bold(`-${value}`));
+    }
+    else {
+      process.stdout.write(value);
+    }
+  }
+  console.log("\n");
+}

src/commands/index.js

@@ -7,3 +7,4 @@ export * as config from "./config.js";
 export * as scorecard from "./scorecard.js";
 export * as report from "./report.js";
 export * as cache from "./cache.js";
+export * as extractIntegrity from "./extract-integrity.js";