-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathanalysis.go
More file actions
34 lines (28 loc) · 967 Bytes
/
analysis.go
File metadata and controls
34 lines (28 loc) · 967 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package main
import (
"fmt"
"net/http"
"strings"
)
// AnalysisResult holds the result of a package check
type AnalysisResult struct {
PackageName string
Status string // "SAFE", "VULNERABLE", "ERROR"
IsScoped bool
}
// CheckPackage checks if a package exists on the public NPM registry
func CheckPackage(client *http.Client, pkgName string) AnalysisResult {
url := fmt.Sprintf("https://registry.npmjs.org/%s", pkgName)
isScoped := strings.HasPrefix(pkgName, "@")
resp, err := client.Get(url)
if err != nil {
return AnalysisResult{PackageName: pkgName, Status: "ERROR", IsScoped: isScoped}
}
defer resp.Body.Close()
if resp.StatusCode == 404 {
return AnalysisResult{PackageName: pkgName, Status: "VULNERABLE", IsScoped: isScoped}
} else if resp.StatusCode == 200 {
return AnalysisResult{PackageName: pkgName, Status: "SAFE", IsScoped: isScoped}
}
return AnalysisResult{PackageName: pkgName, Status: "UNKNOWN", IsScoped: isScoped}
}