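/**
 * @fileoverview Package JSON Parser for dependency extraction
 * @module @nahisaho/musubix-security/cve/dependency-parser
 *
 * Parses package.json and package-lock.json to extract dependency
 * information for vulnerability scanning.
 *
 * NOTE(review): the `Record` and `Promise` types in this declaration file had
 * lost their type arguments (which does not type-check). They are restored
 * below from the accompanying interface docs; confirm them against the
 * generated `dependency-parser.d.ts`.
 *
 * @requirement REQ-CVE-002 - Dependency extraction from package files
 * @design DES-EPIC2-005 - Dependency Parser component
 */

/**
 * Dependency types in package.json
 */
export type DependencyType =
  | 'dependencies'
  | 'devDependencies'
  | 'peerDependencies'
  | 'optionalDependencies';

/**
 * Parsed dependency information
 */
export interface ParsedDependency {
  /** Package name */
  name: string;
  /**
   * Version specifier from package.json (may be a range).
   * A range does not identify the installed version, so advisory matching
   * should rely on `resolvedVersion` whenever it is present.
   */
  versionSpecifier: string;
  /** Resolved exact version (from lock file if available) */
  resolvedVersion?: string;
  /** Type of dependency */
  type: DependencyType;
  /** Whether this is a direct or transitive dependency */
  isDirect: boolean;
  /** Dependencies of this package */
  dependencies?: string[];
  /**
   * Integrity hash (from lock file).
   * NOTE(review): this declaration only exposes the value; nothing here shows
   * that the parser verifies it against downloaded content.
   */
  integrity?: string;
  /**
   * Package URL for download.
   * Taken from the lock file, so it reflects where the package was actually
   * fetched from; consumers can compare it with the expected registry.
   */
  resolved?: string;
}

/**
 * Package.json structure (partial)
 */
export interface PackageJson {
  name?: string;
  version?: string;
  /** Package name -> version specifier */
  dependencies?: Record<string, string>;
  /** Package name -> version specifier */
  devDependencies?: Record<string, string>;
  /** Package name -> version specifier */
  peerDependencies?: Record<string, string>;
  /** Package name -> version specifier */
  optionalDependencies?: Record<string, string>;
}

/**
 * Package-lock.json structure (v2/v3)
 */
export interface PackageLockJson {
  name?: string;
  version?: string;
  lockfileVersion?: number;
  /** v2/v3 entries, keyed by install path (for example `node_modules/<name>`) */
  packages?: Record<string, PackageLockEntry>;
  /** Legacy (v1) entries, keyed by package name */
  dependencies?: Record<string, LegacyLockEntry>;
}

/**
 * Package-lock.json packages entry (v2/v3)
 */
export interface PackageLockEntry {
  version?: string;
  resolved?: string;
  integrity?: string;
  dev?: boolean;
  optional?: boolean;
  peer?: boolean;
  dependencies?: Record<string, string>;
  devDependencies?: Record<string, string>;
  peerDependencies?: Record<string, string>;
  optionalDependencies?: Record<string, string>;
}

/**
 * Legacy package-lock.json dependencies entry (v1)
 */
export interface LegacyLockEntry {
  version: string;
  resolved?: string;
  integrity?: string;
  dev?: boolean;
  optional?: boolean;
  /** Package name -> version specifier required by this entry */
  requires?: Record<string, string>;
  /** Nested entries; the v1 format is recursive */
  dependencies?: Record<string, LegacyLockEntry>;
}

/**
 * Parser options
 */
export interface DependencyParserOptions {
  /** Include dev dependencies (default: true) */
  includeDevDependencies?: boolean;
  /** Include peer dependencies (default: false) */
  includePeerDependencies?: boolean;
  /** Include optional dependencies (default: true) */
  includeOptionalDependencies?: boolean;
  /**
   * Maximum depth for transitive dependencies (default: unlimited).
   * Packages below this depth are not returned and therefore are not scanned.
   */
  maxDepth?: number;
}

/**
 * Parse result
 */
export interface ParseResult {
  /** Project name */
  projectName?: string;
  /** Project version */
  projectVersion?: string;
  /** All parsed dependencies */
  dependencies: ParsedDependency[];
  /** Direct dependencies count */
  directCount: number;
  /** Transitive dependencies count */
  transitiveCount: number;
  /**
   * Parsing warnings.
   * Callers should surface these: a warning may mean the dependency list is
   * incomplete, which would make a clean scan result misleading.
   */
  warnings: string[];
}

/**
 * Dependency Parser for npm projects
 *
 * @example
 * ```typescript
 * const parser = new DependencyParser();
 *
 * // Parse from directory
 * const result = await parser.parseDirectory('./my-project');
 *
 * // Parse from package.json content
 * const deps = parser.parsePackageJson(packageJsonContent);
 *
 * // Get all dependencies as flat list
 * console.log(result.dependencies);
 * ```
 */
export declare class DependencyParser {
  private readonly options;
  constructor(options?: DependencyParserOptions);
  /**
   * Parse dependencies from a project directory
   * @param dirPath - Path to project directory
   * @returns Parsed dependencies
   *
   * NOTE(review): whether `dirPath` is normalised or restricted is not visible
   * in this declaration; treat it as caller-validated until confirmed.
   */
  parseDirectory(dirPath: string): Promise<ParseResult>;
  /**
   * Parse package.json content directly
   * @param content - package.json content as string
   * @returns Direct dependencies (no transitive without lock file)
   *
   * NOTE(review): behaviour on malformed JSON (throw vs. empty result) is not
   * declared here; callers handling untrusted manifests should confirm it.
   */
  parsePackageJson(content: string): ParsedDependency[];
  /**
   * Parse package-lock.json content directly
   * @param content - package-lock.json content as string
   * @returns All dependencies including transitive
   */
  parsePackageLock(content: string): ParsedDependency[];
  /**
   * Parse with both package.json and lock file
   */
  private parsePackageJsonWithLock;
  /**
   * Extract dependencies from lock file
   */
  private extractFromLockFile;
  /**
   * Extract from v1 lock format (recursive)
   */
  private extractFromLegacyLock;
  /**
   * Extract dependencies from package.json section
   */
  private extractDependencies;
  /**
   * Determine dependency type from lock entry
   */
  private determineDependencyType;
  /**
   * Check if dependency type should be included
   */
  private shouldIncludeType;
  /**
   * Extract package name from node_modules path
   */
  private extractPackageNameFromPath;
}

/**
 * Resolve version specifier to concrete version
 * Handles npm version ranges
 *
 * @param specifier - Version specifier as written in package.json
 * @returns The specifier kind plus whichever of `version`, `minVersion` and
 *   `maxVersion` apply. For `'tag'`, `'url'` and `'git'` no version may be
 *   available, in which case a version-based advisory lookup cannot match.
 */
export declare function resolveVersionSpecifier(specifier: string): {
  type: 'exact' | 'range' | 'tag' | 'url' | 'git';
  version?: string;
  minVersion?: string;
  maxVersion?: string;
};

/**
 * Filter dependencies for security scanning
 * Removes dev dependencies if not needed, etc.
 *
 * @param dependencies - Parsed dependencies to filter
 * @param options - Filter switches; their defaults and the precedence between
 *   `includeTransitive` and `directOnly` are not visible in this declaration.
 * @returns The dependencies that remain in scope for scanning
 *
 * NOTE(review): anything filtered out here is not scanned. Dev dependencies
 * still run on developer and CI machines, so excluding them should be a
 * deliberate choice rather than a default.
 */
export declare function filterDependenciesForScanning(
  dependencies: ParsedDependency[],
  options?: {
    includeDevDependencies?: boolean;
    includeTransitive?: boolean;
    directOnly?: boolean;
  },
): ParsedDependency[];

/**
 * Get unique packages (deduplicate by name)
 *
 * @param dependencies - Parsed dependencies, possibly with repeated names
 * @returns One entry per package name
 *
 * NOTE(review): a lock file can contain several versions of the same package.
 * Which version survives the dedup is not visible here; if vulnerability
 * matching runs on this output, an affected version may be dropped. Confirm
 * that scanning keys on name and resolved version.
 */
export declare function getUniquePackages(dependencies: ParsedDependency[]): ParsedDependency[];
//# sourceMappingURL=dependency-parser.d.ts.map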