node

package

v0.4.9 Latest Latest Go to latest Published: Feb 24, 2026 License: MIT Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/1homsi/gorisk

Links

Open Source Insights

Documentation ¶

Index ¶

func BuildIRGraph(g *graph.DependencyGraph) ir.IRGraph
func Detect(dir string) capability.CapabilitySet
func DetectFileAST(path string) (capability.CapabilitySet, error)
func DetectFunctions(dir, pkgName string, jsFiles []string) (map[string]ir.FunctionCaps, []ir.CallEdge, error)
func DownloadPackage(pkgName, version string) (string, error)
func PropagateAcrossFiles(graph ProjectGraph, perFileCaps map[string]capability.CapabilitySet) capability.CapabilitySet
type Adapter
- func (a *Adapter) Load(dir string) (*graph.DependencyGraph, error)
- func (a *Adapter) Name() string
type Binding
type CallEdge
type Function
type NpmPackage
- func Load(dir string) (pkgs []NpmPackage, retErr error)
type ProjectGraph
- func BuildProjectGraph(dir string) (ProjectGraph, error)
type SymbolTable
- func ParseBindings(src []byte, fpath string) (SymbolTable, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BuildIRGraph ¶ added in v0.3.7

func BuildIRGraph(g *graph.DependencyGraph) ir.IRGraph

BuildIRGraph builds a function-level IR graph for a Node dependency graph.

func Detect ¶

func Detect(dir string) capability.CapabilitySet

Detect scans JS/TS source files in dir and returns the combined capability set. It also checks package.json install scripts for network/exec patterns.

func DetectFileAST ¶ added in v0.1.9

func DetectFileAST(path string) (capability.CapabilitySet, error)

DetectFileAST runs multi-pass symbol-resolved detection on a single JS/TS file. It builds a SymbolTable from binding statements, then resolves call sites against it.

Confidence levels:

Direct import/require (module-level): 0.90
Destructured: const {exec} = require(y): 0.85
Chained: require('m').func(): 0.80
Resolved x.method() where x = require(y): 0.80
Bare call where identifier = require(y).func: 0.85

func DetectFunctions ¶ added in v0.2.7

func DetectFunctions(dir, pkgName string, jsFiles []string) (map[string]ir.FunctionCaps, []ir.CallEdge, error)

DetectFunctions parses JavaScript/TypeScript files and returns per-function capability sets and call edges.

This is a regex-based MVP implementation. For production, consider using esbuild-go or babel parser for more accurate AST analysis.

func DownloadPackage ¶

func DownloadPackage(pkgName, version string) (string, error)

DownloadPackage fetches pkgName@version from the npm registry, extracts the tarball into a temp directory, and returns that directory path. The caller is responsible for removing the directory when done.

func PropagateAcrossFiles ¶ added in v0.1.9

func PropagateAcrossFiles(graph ProjectGraph, perFileCaps map[string]capability.CapabilitySet) capability.CapabilitySet

PropagateAcrossFiles propagates capabilities across file boundaries using the project graph. It applies the same hop multipliers as Go propagation: 0→1.0, 1→0.70, 2→0.55, 3+→0.40

Types ¶

type Adapter ¶

type Adapter struct{}

Adapter implements the Analyzer interface for Node.js projects.

func (*Adapter) Load ¶

func (a *Adapter) Load(dir string) (*graph.DependencyGraph, error)

Load parses the project's lockfile, detects capabilities for each npm package, and returns a *graph.DependencyGraph using the same structure as the Go loader.

func (*Adapter) Name ¶

func (a *Adapter) Name() string

type Binding ¶ added in v0.1.9

type Binding struct {
	Module string // bare module name, e.g. "child_process"
	Export string // named export if destructured, "" = whole module
	Line   int    // source line of the binding
}

Binding records what module/export a local identifier is bound to.

type CallEdge ¶ added in v0.1.9

type CallEdge struct {
	FromFile   string
	ToFile     string
	ExportName string
	Line       int
}

CallEdge represents a call from one file to an export in another file.

type Function ¶ added in v0.2.7

type Function struct {
	Name      string
	StartLine int
	EndLine   int
	Body      string
	IsExport  bool
}

Function represents a JavaScript/TypeScript function found in source

type NpmPackage ¶

type NpmPackage struct {
	Name         string
	Version      string
	Dir          string
	Dependencies []string
	Direct       bool
}

NpmPackage represents an npm package extracted from a lockfile.

func Load ¶

func Load(dir string) (pkgs []NpmPackage, retErr error)

Load detects the lockfile type in dir and parses it. It tries package-lock.json, then yarn.lock, then pnpm-lock.yaml. Load never panics; it returns a structured error on failure.

type ProjectGraph ¶ added in v0.1.9

type ProjectGraph struct {
	Files     map[string]SymbolTable                         // file path → symbol table
	Exports   map[string]map[string]capability.CapabilitySet // file path → export name → caps
	CallEdges []CallEdge
}

ProjectGraph holds the cross-file symbol table and capabilities for a Node.js project.

func BuildProjectGraph ¶ added in v0.1.9

func BuildProjectGraph(dir string) (ProjectGraph, error)

BuildProjectGraph walks all .js/.ts files in dir and builds a project-wide graph.

type SymbolTable ¶ added in v0.1.9

type SymbolTable map[string]Binding

SymbolTable maps local identifiers → their origin binding.

func ParseBindings ¶ added in v0.1.9

func ParseBindings(src []byte, fpath string) (SymbolTable, error)

ParseBindings walks the source line by line and returns a fully-resolved SymbolTable. It handles:

const/let/var x = require('module')
const/let/var {a, b} = require('module')
import x from 'module'
import {a, b} from 'module'
import * as x from 'module'

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL