feat: add Electronegativity plugin (#1900)

package.json

@@ -34,6 +34,7 @@
     "postinstall": "rimraf node_modules/.bin/*.ps1 && ts-node tools/link-ts.ts"
   },
   "dependencies": {
+    "@doyensec/electronegativity": "^1.6.0",
     "@electron/get": "^1.9.0",
     "@malept/cross-spawn-promise": "^1.1.0",
     "@octokit/core": "^3.1.2",

packages/plugin/electronegativity/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@electron-forge/plugin-electronegativity",
+  "version": "6.0.0-beta.52",
+  "description": "Integrate Electronegativity into the Electron Forge workflow",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/electron-userland/electron-forge",
+    "directory": "packages/plugin/electronegativity"
+  },
+  "author": "Mark Lee",
+  "license": "MIT",
+  "main": "dist/ElectronegativityPlugin.js",
+  "typings": "dist/ElectronegativityPlugin.d.ts",
+  "engines": {
+    "node": ">= 10.0.0"
+  },
+  "dependencies": {
+    "@doyensec/electronegativity": "^1.6.0",
+    "@electron-forge/plugin-base": "6.0.0-beta.52",
+    "@electron-forge/shared-types": "6.0.0-beta.52"
+  }
+}

packages/plugin/electronegativity/src/ElectronegativityPlugin.ts

@@ -0,0 +1,72 @@
+import { ForgeConfig } from '@electron-forge/shared-types';
+import PluginBase from '@electron-forge/plugin-base';
+import runElectronegativity from '@doyensec/electronegativity';
+
+// To be more precise, postPackage options we care about.
+type PostPackageOptions = {
+  outputPaths: string[];
+};
+
+export type Confidence = 'certain' | 'firm' | 'tentative';
+export type CustomCheck = 'dangerousfunctionsjscheck' | 'remotemodulejscheck';
+export type Severity = 'high' | 'medium' | 'low' | 'informational';
+
+export type ElectronegativityConfig = {
+  /**
+   * Save the results to a file in CSV or SARIF format.
+   */
+  output?: string;
+  /**
+   * Whether to save the output in SARIF or CSV format.
+   *
+   * Defaults to CSV.
+   */
+  isSarif?: boolean;
+  /**
+   * Specified checks to run.
+   */
+  customScan?: CustomCheck[];
+  /**
+   * Only return findings with the specified level of severity or above.
+   *
+   * Defaults to `informational`.
+   */
+  severitySet?: Severity;
+  /**
+   * Only return findings with the specified level of confidence or above.
+   *
+   * Defaults to `tentative`.
+   */
+  confidenceSet?: Confidence;
+  /**
+   * Whether to show relative paths for files.
+   *
+   * Defaults to `false`.
+   */
+  isRelative?: false;
+  /**
+   * Specify a range to run Electron upgrade checks. For example, `'7..8'` checks an upgrade
+   * from Electron 7 to Electron 8.
+   */
+  electronUpgrade?: string;
+};
+
+export default class ElectronegativityPlugin extends PluginBase<ElectronegativityConfig> {
+  name = 'electronegativity';
+
+  getHook(hookName: string) {
+    if (hookName === 'postPackage') {
+      return this.postPackage;
+    }
+    return null;
+  }
+
+  postPackage = async (_forgeConfig: ForgeConfig, options: PostPackageOptions) => {
+    await runElectronegativity({
+      // FIXME: remove after https://github.com/doyensec/electronegativity/pull/73 is released.
+      customScan: [],
+      ...this.config,
+      input: options.outputPaths[0],
+    }, true);
+  }
+}

typings/@doyensec/electronegativity/index.d.ts

@@ -0,0 +1 @@
+declare module '@doyensec/electronegativity';