refactor: fix deprecation in tests & update eslint

eslint.config.mjs

@@ -0,0 +1,19 @@
+import { ESLintConfig } from "@openally/config.eslint";
+
+export default [
+  {
+    ignores: [
+      "**/test/fixtures/**/*",
+      "**/test/probes/fixtures/**/*.js"
+    ]
+  },
+  ...ESLintConfig,
+  {
+    languageOptions: {
+      sourceType: "module",
+      parserOptions: {
+        requireConfigFile: false
+      }
+    }
+  }
+];

package.json

@@ -8,8 +8,7 @@
     "node": ">=18.0.0"
   },
   "scripts": {
-    "lint": "eslint src test",
-    "prepublishOnly": "pkg-ok",
+    "lint": "eslint src workspaces test",
     "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
     "test": "c8 --all --src ./src -r html npm run test-only",
     "check": "npm run lint && npm run test-only"
@@ -54,13 +53,10 @@
     "ts-pattern": "^5.0.6"
   },
   "devDependencies": {
-    "@nodesecure/eslint-config": "^1.6.0",
+    "@openally/config.eslint": "^1.0.0",
     "@types/node": "^22.0.0",
     "c8": "^10.1.2",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.0.0",
     "glob": "^11.0.0",
-    "iterator-matcher": "^2.1.0",
-    "pkg-ok": "^3.0.0"
+    "iterator-matcher": "^2.1.0"
   }
 }

src/probes/isLiteral.js

@@ -5,6 +5,7 @@ import { builtinModules } from "repl";
 import { Hex } from "@nodesecure/sec-literal";
 
 const kMapRegexIps = Object.freeze({
+  // eslint-disable-next-line @stylistic/max-len
   regexIPv4: /^(https?:\/\/)(?!127\.)(?!.*:(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9]))((?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])(?::\d{1,5})?(\/[^\s]*)?$/,
   regexIPv6: /^(https?:\/\/)(\[[0-9A-Fa-f:]+\])(?::\d{1,5})?(\/[^\s]*)?$/
 });

test/AstAnalyser.spec.js

@@ -351,7 +351,6 @@ describe("AstAnalyser", (t) => {
         });
       });
 
-
       it("intialize should be called before finalize", async() => {
         const calls = [];
 
@@ -461,7 +460,6 @@ describe("AstAnalyser", (t) => {
         });
       });
 
-
       it("intialize should be called before finalize", () => {
         const calls = [];
 

test/issues/109-html-comment-parsing.spec.js

@@ -4,21 +4,21 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 // CONSTANTS
 const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url);
 
 // Regression test for https://github.com/NodeSecure/js-x-ray/issues/109
 test("it should not crash for a JavaScript file containing HTML comments (and removeHTMLComments option enabled)", () => {
   const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8");
-  runASTAnalysis(htmlComment, {
+  new AstAnalyser().analyse(htmlComment, {
     removeHTMLComments: true
   });
 });
 
 test("it should crash for a JavaScript file containing HTML comments", (t) => {
   const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8");
 
-  assert.throws(() => runASTAnalysis(htmlComment));
+  assert.throws(() => new AstAnalyser().analyse(htmlComment));
 });

test/issues/163-illegalReturnStatement.spec.js

@@ -3,7 +3,7 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 /**
  * @see https://github.com/NodeSecure/js-x-ray/issues/163
@@ -23,9 +23,9 @@ if (!argv.length) {
 
 test("it should not throw error whatever module is true or false", () => {
   assert.doesNotThrow(() => {
-    runASTAnalysis(kIncriminedCodeSample, { module: false });
+    new AstAnalyser().analyse(kIncriminedCodeSample, { module: false });
   });
   assert.doesNotThrow(() => {
-    runASTAnalysis(kIncriminedCodeSample, { module: true });
+    new AstAnalyser().analyse(kIncriminedCodeSample, { module: true });
   });
 });

test/issues/170-isOneLineRequire-logicalExpression-CJS-export.spec.js

@@ -3,7 +3,7 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 const validTestCases = [
   ["module.exports = require('fs') || require('constants');", ["fs", "constants"]],
@@ -37,7 +37,7 @@ const validTestCases = [
 test("it should return isOneLineRequire true given a single line CJS export with a valid assignment", () => {
   validTestCases.forEach((test) => {
     const [source, modules] = test;
-    const { dependencies, isOneLineRequire } = runASTAnalysis(source);
+    const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source);
 
     assert.ok(isOneLineRequire);
     assert.deepEqual([...dependencies.keys()], modules);
@@ -60,7 +60,7 @@ const invalidTestCases = [
 test("it should return isOneLineRequire false given a single line CJS export with illegal callees", () => {
   invalidTestCases.forEach((test) => {
     const [source, modules] = test;
-    const { dependencies, isOneLineRequire } = runASTAnalysis(source);
+    const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source);
 
     assert.ok(isOneLineRequire === false);
     assert.deepEqual([...dependencies.keys()], modules);

test/issues/177-wrongUnsafeRequire.spec.js

@@ -3,13 +3,13 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 /**
  * @see https://github.com/NodeSecure/js-x-ray/issues/177
  */
 test("should detect unsafe-import and unsafe-statement", () => {
-  const { warnings, dependencies } = runASTAnalysis(`const help = require('help-me')({
+  const { warnings, dependencies } = new AstAnalyser().analyse(`const help = require('help-me')({
     dir: path.join(__dirname, 'help'),
     ext: '.txt'
   })`);

test/issues/178-path-join-literal-args-is-not-unsafe.spec.js

@@ -3,7 +3,7 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 /**
  * @see https://github.com/NodeSecure/js-x-ray/issues/178
@@ -15,7 +15,7 @@ const validTestCases = [
 
 test("should not detect unsafe-import for path.join if every argument is a string literal", () => {
   validTestCases.forEach((test) => {
-    const { warnings, dependencies } = runASTAnalysis(test);
+    const { warnings, dependencies } = new AstAnalyser().analyse(test);
 
     assert.strictEqual(warnings.length, 0);
     assert.ok(dependencies.has("../bin.js"));
@@ -31,7 +31,7 @@ const invalidTestCases = [
 
 test("should detect unsafe-import of path.join if not every argument is a string literal", () => {
   invalidTestCases.forEach((test) => {
-    const { warnings } = runASTAnalysis(test);
+    const { warnings } = new AstAnalyser().analyse(test);
 
     assert.strictEqual(warnings.length, 1);
   });

test/issues/179-UnsafeEvalRequire.spec.js

@@ -3,7 +3,7 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 /**
  * @see https://github.com/NodeSecure/js-x-ray/issues/179
@@ -14,7 +14,7 @@ const kWarningUnsafeImport = "unsafe-import";
 const kWarningUnsafeStatement = "unsafe-stmt";
 
 test("should detect unsafe-import and unsafe-statement", () => {
-  const sastAnalysis = runASTAnalysis(kIncriminedCodeSample);
+  const sastAnalysis = new AstAnalyser().analyse(kIncriminedCodeSample);
 
   assert.equal(sastAnalysis.warnings.at(0).value, "stream");
   assert.equal(sastAnalysis.warnings.at(0).kind, kWarningUnsafeImport);

test/issues/180-logicalexpr-return-this.spec.js

@@ -3,13 +3,13 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 /**
  * @see https://github.com/NodeSecure/js-x-ray/issues/180
  */
 test("should detect required core 'http' with a LogicalExpr containing Function('return this')()", () => {
-  const { warnings, dependencies } = runASTAnalysis(`
+  const { warnings, dependencies } = new AstAnalyser().analyse(`
     var root = freeGlobal || freeSelf || Function('return this')();
     const foo = root.require;
     foo("http");

test/issues/283-oneline-require-minified.spec.js

@@ -3,17 +3,17 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 // Regression test for https://github.com/NodeSecure/js-x-ray/issues/283
 test("Given a one line require (with no module.exports) then isOneLineRequire must equal true", () => {
-  const { isOneLineRequire } = runASTAnalysis(`require('foo.js');`);
+  const { isOneLineRequire } = new AstAnalyser().analyse(`require('foo.js');`);
 
   assert.ok(isOneLineRequire);
 });
 
 test("Given an empty code then isOneLineRequire must equal false", () => {
-  const { isOneLineRequire } = runASTAnalysis(``);
+  const { isOneLineRequire } = new AstAnalyser().analyse(``);
 
   assert.strictEqual(isOneLineRequire, false);
 });

test/issues/59-undefined-depName.spec.js

@@ -3,7 +3,7 @@ import { readFileSync } from "node:fs";
 import { test } from "node:test";
 
 // Import Internal Dependencies
-import { runASTAnalysis } from "../../index.js";
+import { AstAnalyser } from "../../index.js";
 
 // CONSTANTS
 const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url);
@@ -14,5 +14,5 @@ test("it should not crash for prop-types", () => {
     new URL("prop-types.min.js", FIXTURE_URL),
     "utf-8"
   );
-  runASTAnalysis(propTypes);
+  new AstAnalyser().analyse(propTypes);
 });

test/obfuscated.spec.js

@@ -5,15 +5,17 @@ import { test } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { runASTAnalysis, runASTAnalysisOnFile } from "../index.js";
+import {
+  AstAnalyser
+} from "../index.js";
 import { getWarningKind } from "./utils/index.js";
 
 // CONSTANTS
 const FIXTURE_URL = new URL("fixtures/obfuscated/", import.meta.url);
 
 test("should detect 'jsfuck' obfuscation", () => {
   const trycatch = readFileSync(new URL("jsfuck.js", FIXTURE_URL), "utf-8");
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.strictEqual(warnings.length, 1);
   assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
@@ -22,7 +24,7 @@ test("should detect 'jsfuck' obfuscation", () => {
 
 test("should detect 'morse' obfuscation", () => {
   const trycatch = readFileSync(new URL("morse.js", FIXTURE_URL), "utf-8");
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.strictEqual(warnings.length, 1);
   assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
@@ -31,14 +33,14 @@ test("should detect 'morse' obfuscation", () => {
 
 test("should not detect 'morse' obfuscation", () => {
   const trycatch = readFileSync(new URL("notMorse.js", FIXTURE_URL), "utf-8");
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.strictEqual(warnings.length, 0);
 });
 
 test("should not detect 'morse' obfuscation for high number of doubles morse symbols", () => {
   const morseSymbolDoublesString = `const a = ${"'.' + '..' +".repeat(37)} '.'`;
-  const { warnings } = runASTAnalysis(morseSymbolDoublesString);
+  const { warnings } = new AstAnalyser().analyse(morseSymbolDoublesString);
 
   assert.strictEqual(warnings.length, 0);
 });
@@ -48,7 +50,7 @@ test("should detect 'jjencode' obfuscation", () => {
     new URL("jjencode.js", FIXTURE_URL),
     "utf-8"
   );
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.strictEqual(warnings.length, 1);
   assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
@@ -60,7 +62,7 @@ test("should detect 'freejsobfuscator' obfuscation", () => {
     new URL("freejsobfuscator.js", FIXTURE_URL),
     "utf-8"
   );
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.deepEqual(getWarningKind(warnings), [
     "encoded-literal", "encoded-literal", "obfuscated-code"
@@ -73,7 +75,7 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", (
     new URL("obfuscatorio-hexa.js", FIXTURE_URL),
     "utf-8"
   );
-  const { warnings } = runASTAnalysis(trycatch);
+  const { warnings } = new AstAnalyser().analyse(trycatch);
 
   assert.strictEqual(warnings.length, 1);
   assert.deepEqual(getWarningKind(warnings), [
@@ -83,15 +85,15 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", (
 });
 
 test("should not detect 'trojan-source' when providing safe control character", () => {
-  const { warnings } = runASTAnalysis(`
+  const { warnings } = new AstAnalyser().analyse(`
     const simpleStringWithControlCharacters = "Its only a \u0008backspace";
   `);
 
   assert.deepEqual([...warnings], []);
 });
 
 test("should detect 'trojan-source' when there is one unsafe unicode control char", () => {
-  const { warnings } = runASTAnalysis(`
+  const { warnings } = new AstAnalyser().analyse(`
     const role = "ROLE_ADMIN⁦" // Dangerous control char;
   `);
 
@@ -100,8 +102,8 @@ test("should detect 'trojan-source' when there is one unsafe unicode control cha
   assert.deepEqual(warnings[0].value, "trojan-source");
 });
 
-test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", async() => {
-  const { warnings } = await runASTAnalysisOnFile(
+test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", () => {
+  const { warnings } = new AstAnalyser().analyseFileSync(
     fileURLToPath(new URL("unsafe-unicode-chars.js", FIXTURE_URL))
   );