This strategy uses the open database of the Node.js Security WG GitHub repository to hydrate NodeSecure dependency payloads. This database is accessible here.
To use this database, we clone it locally (extracting the .tar.gz), then read and bundle all JSON files into a single .json database.
```js
import * as vuln from "@nodesecure/vuln";

const definition = await vuln.setStrategy(vuln.strategies.SECURITY_WG, {
  // Force the update of the local database
  hydrateDatabase: true
});

// DO WORK

// Then delete the local database
await definition.deleteDatabase();
```
The database should be updated before the scanner is run. When required, the method `hydratePayloadDependencies` is called at the end of the scan to hydrate vulnerabilities into the dependencies Map.
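```js
import * as vuln from "@nodesecure/vuln";

const dependencies = new Map();
// ...do work on dependencies...

// Retrieve the strategy that was previously set with setStrategy()
const definition = await vuln.getStrategy();
await definition.hydratePayloadDependencies(dependencies);
```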
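The bundle-then-hydrate flow described above, as an added self-contained sketch (not the @nodesecure/vuln implementation). The advisory fields `module_name` and `vulnerable_versions`, the `{ versions, vulnerabilities }` entry shape and all helper names are assumptions; the sample advisories are constructed, and the range matcher only handles plain `x.y.z` comparators.

```javascript
// Constructed sample advisories standing in for the extracted JSON files.
const sampleFiles = {
  "1.json": JSON.stringify({ id: 1, module_name: "demo-lib",
    title: "Constructed advisory A", vulnerable_versions: "<1.2.3" }),
  "2.json": JSON.stringify({ id: 2, module_name: "demo-lib",
    title: "Constructed advisory B", vulnerable_versions: ">=2.0.0 <2.1.0 || 3.0.0" }),
  "3.json": "{ truncated" // malformed file: must not abort the whole bundle
};

// Bundle every parsable advisory into one Map keyed by package name.
function bundleDatabase(files) {
  const db = new Map(), skipped = [];
  for (const [file, text] of Object.entries(files)) {
    try {
      const adv = JSON.parse(text);
      if (typeof adv?.module_name !== "string") throw new Error("no module_name");
      db.set(adv.module_name, [...(db.get(adv.module_name) ?? []), adv]);
    } catch { skipped.push(file); } // report the file instead of dropping it silently
  }
  return { db, skipped };
}

// Compare two plain x.y.z versions: returns -1, 0 or 1.
function compare(a, b) {
  const [x, y] = [a, b].map((v) => v.split(".").map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Minimal range check: comparators AND-ed by spaces, sets OR-ed by "||".
function inRange(version, range) {
  return range.split("||").some((set) => set.trim().split(/\s+/).every((c) => {
    const [, op = "=", target] = c.match(/^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/) ?? [];
    if (!target) return false; // syntax outside this sketch: no match
    const r = compare(version, target);
    return { "<": r < 0, "<=": r <= 0, ">": r > 0, ">=": r >= 0, "=": r === 0 }[op];
  }));
}

// Attach the matching advisories to each entry of the dependencies Map.
function hydrate(dependencies, db) {
  for (const [name, dep] of dependencies) {
    dep.vulnerabilities = (db.get(name) ?? []).filter((adv) =>
      dep.versions.some((v) => inRange(v, adv.vulnerable_versions)));
  }
  return dependencies;
}
```

Keying the bundle with a `Map` keeps a dependency named like an `Object.prototype` property from resolving to something other than an advisory list, and the `skipped` list makes an incomplete database visible before its results are trusted.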