JavaScript: Broaden scope of imports considered relevant to portals.

Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.

Author: Max Schaefer

javascript/ql/src/semmle/javascript/dataflow/Portals.qll

@@ -181,15 +181,15 @@ private module NpmPackagePortal {
   predicate imports(DataFlow::SourceNode imp, string pkgName) {
     exists(NPMPackage pkg |
       imp = getAModuleImport(pkg, pkgName) and
-      pkg.declaresDependency(pkgName, _)
+      pkgName.regexpMatch("[^./].*")
     )
   }
 
   /** Holds if `imp` imports `member` from package `pkgName`. */
   predicate imports(DataFlow::SourceNode imp, string pkgName, string member) {
     exists(NPMPackage pkg |
       imp = getAModuleMemberImport(pkg, pkgName, member) and
-      pkg.declaresDependency(pkgName, _)
+      pkgName.regexpMatch("[^./].*")
     )
   }