feat: add support to old versions of Node.js (#23)

* feat: add compatibility to Node.js >= 0.12

For retro-compatibility lovers

* doc: add note about supported Node.js versions

* fixup! feat: add compatibility to Node.js >= 0.12

* chore: drop cli-colors

Refs: #19

* fixup! extra forward slashes

Co-authored-by: Trivikram Kamat <[email protected]>

* fixup! feat: add compatibility to Node.js >= 0.12

---------

Co-authored-by: Trivikram Kamat <[email protected]>

Author: RafaelGSS

.github/workflows/test.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [14, 16, 18, 20, 21, 22]
+        node-version: [16, 18, 20, 21, 22, 23]
 
     steps:
       - uses: actions/checkout@v3
@@ -32,3 +32,21 @@ jobs:
       - name: Ensure Build
         run: |
           npm run build
+
+  old-versions:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [0.12, 4, 6, 8, 9, 10, 12]
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Run test
+        run: |
+          node setup-test.js

README.md

@@ -12,6 +12,12 @@ npx is-my-node-vulnerable
 
 It's strongly recommended to include this as a step in the app CI.
 
+> [!NOTE]
+> For retro-compatibility enthusiasts: This module supports Node.js versions >= v0.12.
+> However, npx does not work with those older versions, so you'll need to install the
+> package and run index.js manually. If you encounter errors when using npx, it's
+> likely because you're using a vulnerable version of Node.js. Please consider upgrading.
+
 ### Output - When vulnerable
 
 
@@ -73,6 +79,9 @@ End-of-Life versions don't keep track of recent security releases, therefore, it
 
 This package also exports a function `isNodeVulnerable` to perform the check in runtime
 
+> [!NOTE]
+> The API is only supported on active Node.js versions (v18.x, v20.x, v22.x, v23.x)
+
 ```js
 const { isNodeVulnerable } = require('is-my-node-vulnerable')
 

ascii.js

@@ -1,35 +1,45 @@
-const clc = require('cli-color')
+const util = require('util')
 
-const danger = `
-                                                   
-██████   █████  ███    ██  ██████  ███████ ██████  
-██   ██ ██   ██ ████   ██ ██       ██      ██   ██ 
-██   ██ ███████ ██ ██  ██ ██   ███ █████   ██████  
-██   ██ ██   ██ ██  ██ ██ ██    ██ ██      ██   ██ 
-██████  ██   ██ ██   ████  ██████  ███████ ██   ██ 
-                                                   
-`
+const danger = '\n' +
+'\n' +
+'██████   █████  ███    ██  ██████  ███████ ███████\n' +
+'██   ██ ██   ██ ████   ██ ██       ██      ██   ██\n' +
+'██   ██ ███████ ██ ██  ██ ██   ███ █████   ███████\n' +
+'██   ██ ██   ██ ██  ██ ██ ██    ██ ██      ██   ██\n' +
+'██████  ██   ██ ██   ████  ██████  ███████ ██   ██\n' +
+'\n'
 
-const allGood = `
-                                                                          
- █████  ██      ██           ██████   ██████   ██████  ██████         ██  
-██   ██ ██      ██          ██       ██    ██ ██    ██ ██   ██     ██  ██ 
-███████ ██      ██          ██   ███ ██    ██ ██    ██ ██   ██         ██ 
-██   ██ ██      ██          ██    ██ ██    ██ ██    ██ ██   ██     ██  ██ 
-██   ██ ███████ ███████      ██████   ██████   ██████  ██████         ██  
-                                                                          
-`
+const allGood = '\n' +
+'\n' +
+' █████  ██      ██           ██████   ██████   ██████  ██████         ██\n' +
+'██   ██ ██      ██          ██       ██    ██ ██    ██ ██   ██     ██  ██\n' +
+'███████ ██      ██          ██   ███ ██    ██ ██    ██ ██   ██         ██\n' +
+'██   ██ ██      ██          ██    ██ ██    ██ ██    ██ ██   ██     ██  ██\n' +
+'██   ██ ███████ ███████      ██████   ██████   ██████  ██████         ██\n' +
+'\n'
 
-const bold = clc.bold
+function escapeStyleCode (code) {
+  return '\u001b[' + code + 'm'
+}
 
-const vulnerableWarning = bold(`The current Node.js version (${process.version}) is vulnerable to the following CVEs:`)
+function bold (text) {
+  var left = ''
+  var right = ''
+  const formatCodes = util.inspect.colors.bold
+  left += escapeStyleCode(formatCodes[0])
+  right = escapeStyleCode(formatCodes[1]) + right
+  return left + text + right
+}
 
-const separator = '='.repeat(process.stdout.columns)
+const vulnerableWarning = bold('The current Node.js version (' + process.version + ') is vulnerable to the following CVEs:')
 
-module.exports = {
-  danger,
-  allGood,
-  bold,
-  vulnerableWarning,
-  separator
+var separator = '='
+for (var i = 0; i < process.stdout.columns; ++i) {
+  separator = separator + '='
 }
+
+module.exports.danger = danger
+module.exports.allGood = allGood
+module.exports.bold = bold
+module.exports.vulnerableWarning = vulnerableWarning
+module.exports.separator = separator

eol-versions.js

@@ -0,0 +1,125 @@
+// Sync from https://raw.githubusercontent.com/nodejs/Release/master/schedule.json
+// These are the list of versions that might be affected by this module dependencies
+const versionMap = {
+  // v0.12
+  v0: {
+    start: '2015-02-06',
+    end: '2016-12-31'
+  },
+  v4: {
+    start: '2015-09-08',
+    lts: '2015-10-12',
+    maintenance: '2017-04-01',
+    end: '2018-04-30',
+    codename: 'Argon'
+  },
+  v5: {
+    start: '2015-10-29',
+    maintenance: '2016-04-30',
+    end: '2016-06-30'
+  },
+  v6: {
+    start: '2016-04-26',
+    lts: '2016-10-18',
+    maintenance: '2018-04-30',
+    end: '2019-04-30',
+    codename: 'Boron'
+  },
+  v7: {
+    start: '2016-10-25',
+    maintenance: '2017-04-30',
+    end: '2017-06-30'
+  },
+  v8: {
+    start: '2017-05-30',
+    lts: '2017-10-31',
+    maintenance: '2019-01-01',
+    end: '2019-12-31',
+    codename: 'Carbon'
+  },
+  v9: {
+    start: '2017-10-01',
+    maintenance: '2018-04-01',
+    end: '2018-06-30'
+  },
+  v10: {
+    start: '2018-04-24',
+    lts: '2018-10-30',
+    maintenance: '2020-05-19',
+    end: '2021-04-30',
+    codename: 'Dubnium'
+  },
+  v11: {
+    start: '2018-10-23',
+    maintenance: '2019-04-22',
+    end: '2019-06-01'
+  },
+  v12: {
+    start: '2019-04-23',
+    lts: '2019-10-21',
+    maintenance: '2020-11-30',
+    end: '2022-04-30',
+    codename: 'Erbium'
+  },
+  v13: {
+    start: '2019-10-22',
+    maintenance: '2020-04-01',
+    end: '2020-06-01'
+  },
+  v14: {
+    start: '2020-04-21',
+    lts: '2020-10-27',
+    maintenance: '2021-10-19',
+    end: '2023-04-30',
+    codename: 'Fermium'
+  },
+  v15: {
+    start: '2020-10-20',
+    maintenance: '2021-04-01',
+    end: '2021-06-01'
+  },
+  v16: {
+    start: '2021-04-20',
+    lts: '2021-10-26',
+    maintenance: '2022-10-18',
+    end: '2023-09-11',
+    codename: 'Gallium'
+  },
+  v17: {
+    start: '2021-10-19',
+    maintenance: '2022-04-01',
+    end: '2022-06-01'
+  },
+  v19: {
+    start: '2022-10-18',
+    maintenance: '2023-04-01',
+    end: '2023-06-01'
+  }
+}
+
+function isOldEnough (version) {
+  const versionInfo = getVersionInfo(version)
+
+  if (!versionInfo) {
+    return false
+  } else if (!versionInfo.end) {
+    return true // Versions without an EOL date are considered EOL
+  }
+
+  const now = new Date()
+  const end = new Date(versionInfo.end)
+  return now > end
+}
+
+function getVersionInfo (version) {
+  const majorVersion = extractMajorVersion(version)
+  return versionMap[majorVersion] || null
+}
+
+function extractMajorVersion (version) {
+  // Extracts the major version number from a version string like 'v12.22.12'
+  const major = version.split('.')[0]
+  return major
+}
+
+module.exports = isOldEnough