
SafeImport

Layout

| Folder | Description |
| --- | --- |
| src | Source |
| src_dataset | Source for batch cloning public repositories |
| test_src | Example targets for development |
| output | Webpack-ed dependencies |
| dist | Sliced dependencies |

How to rerun the program

  1. Collect the mineable repositories

    node src_dataset/index.mjs
    

    Look at the code to tweak the number of repos that are used.

    They will get copied to ../cache-repos/repos. The package.json for each is fetched from npm (so that we don't clone the whole repo) and cached in ../cache-repos.

  2. Get a list of candidate repos that can be sliced.

    ./script.sh
    

    If something goes wrong, add it to the ignore list. This also moves the repos into a candidates/ folder. It will create success.txt with a list of repos that work with slicing.

  3. Slice and get test results

    Go through success.txt, and run master.sh with each repo.

    ./master.sh cov  -> Get test coverage and pre-test count
    ./master.sh exec -> Slice and post coverage
    ./master.sh cloc -> Sliced statistics

    Note that in some cases, the scripts may attempt to execute tests in the backup node modules folder (.node_modules). In this case, move it out, and run the tests individually. You can get the commands from the output of the master script (which calls the script-placer.sh script).


Vuln finding

The scripts here help find repositories that are, firstly, sliceable, and that have a direct dependency on a repo that has a GitHub advisory (~CVE) on it.

From there, you can run the slicer manually to track if they get removed.

Note that it uses the success.txt, not output.
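
A sketch of the filter described above, as an added example that is not the project's own script: it takes the contents of success.txt, the cached package.json of each repo and a set of advisories, and reports the sliceable repos whose direct dependencies carry an advisory. The one-name-per-line format of success.txt, the function names, the package names and the advisory IDs are assumptions or placeholders; matching is by package name only and devDependencies are not counted as direct dependencies.

```javascript
// Added example. All names and sample data are constructed assumptions.

// Assumed success.txt format: one repo name per line; blank lines and '#' lines skipped.
function parseSuccessList(text) {
  return text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l && !l.startsWith('#'));
}

// Direct runtime dependencies of a parsed package.json.
// devDependencies are left out because they are not shipped to consumers.
function directDeps(pkg) {
  return { ...(pkg.optionalDependencies || {}), ...(pkg.dependencies || {}) };
}

// manifests:  Map<repoName, parsed package.json>
// advisories: Map<packageName, advisoryId[]>
// Returns one record per (sliceable repo, advised direct dependency) pair.
function findVulnCandidates(successText, manifests, advisories) {
  const hits = [];
  for (const repo of parseSuccessList(successText)) {
    const pkg = manifests.get(repo);
    if (!pkg) continue; // no cached package.json for this repo
    for (const [dep, range] of Object.entries(directDeps(pkg))) {
      const ids = advisories.get(dep);
      // Name match only: whether `range` is an affected version needs a separate check.
      if (ids) hits.push({ repo, dep, range, advisories: ids });
    }
  }
  return hits;
}

// Constructed sample input.
const SAMPLE_SUCCESS = 'repo-a\n\n# ignored\nrepo-b\nrepo-c\n';
const SAMPLE_MANIFESTS = new Map([
  ['repo-a', { dependencies: { 'example-parser': '^1.2.0', 'left-util': '2.0.0' } }],
  ['repo-b', { dependencies: { 'left-util': '1.0.0' },
               devDependencies: { 'example-parser': '^1.0.0' } }],
  // repo-c is listed in success.txt but has no cached manifest
]);
const SAMPLE_ADVISORIES = new Map([['example-parser', ['GHSA-PLACEHOLDER-0001']]]);

for (const h of findVulnCandidates(SAMPLE_SUCCESS, SAMPLE_MANIFESTS, SAMPLE_ADVISORIES)) {
  console.log(`${h.repo}: ${h.dep}@${h.range} -> ${h.advisories.join(', ')}`);
}
```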
