chore: replace undici with native https.request (#26)

* chore: remove debug dependency (#25)

Part of: #19

* Use response.pipe instead of stream.pipeline

* Add error handler for fetchCoreIndex and call end()

* Remove variable req in getCoreIndex()

---------

Co-authored-by: Rafael Gonzaga <[email protected]>

Author: trivikr

is-vulnerable.js

@@ -1,13 +1,10 @@
 const { danger, allGood, bold, vulnerableWarning, separator } = require('./ascii')
-const { request, stream, setGlobalDispatcher, Agent } = require('undici')
-const EE = require('events')
+const { request } = require('https')
 const fs = require('fs')
 const path = require('path')
 const satisfies = require('semver/functions/satisfies')
 const nv = require('@pkgjs/nv')
 
-setGlobalDispatcher(new Agent({ connections: 20 }))
-
 const CORE_RAW_URL = 'https://raw.githubusercontent.com/nodejs/security-wg/main/vuln/core/index.json'
 
 let lastETagValue
@@ -38,28 +35,57 @@ function updateLastETag (etag) {
 }
 
 async function fetchCoreIndex () {
-  const abortRequest = new EE()
-  await stream(CORE_RAW_URL, { signal: abortRequest }, ({ statusCode }) => {
-    if (statusCode !== 200) {
-      console.error('Request to Github failed. Aborting...')
-      abortRequest.emit('abort')
+  await new Promise((resolve) => {
+    request(CORE_RAW_URL, (res) => {
+      if (res.statusCode !== 200) {
+        console.error(`Request to Github returned http status ${res.statusCode}. Aborting...`)
+        process.nextTick(() => { process.exit(1) })
+      }
+
+      const fileStream = fs.createWriteStream(coreLocalFile)
+      res.pipe(fileStream)
+
+      fileStream.on('finish', () => {
+        fileStream.close()
+        resolve()
+      })
+
+      fileStream.on('error', (err) => {
+        console.error(`Error ${err.message} while writing to '${coreLocalFile}'. Aborting...`)
+        process.nextTick(() => { process.exit(1) })
+      })
+    }).on('error', (err) => {
+      console.error(`Request to Github returned error ${err.message}. Aborting...`)
       process.nextTick(() => { process.exit(1) })
-    }
-    return fs.createWriteStream(coreLocalFile, { flags: 'w', autoClose: true })
+    }).end()
   })
   return readLocal(coreLocalFile)
 }
 
 async function getCoreIndex () {
-  const { headers } = await request(CORE_RAW_URL, { method: 'HEAD' })
-  if (!lastETagValue || lastETagValue !== headers.etag || !fs.existsSync(coreLocalFile)) {
-    updateLastETag(headers.etag)
-    debug('Creating local core.json')
-    return fetchCoreIndex()
-  } else {
-    debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
-    return readLocal(coreLocalFile)
-  }
+  return new Promise((resolve) => {
+    request(CORE_RAW_URL, { method: 'HEAD' }, (res) => {
+      if (res.statusCode !== 200) {
+        console.error(`Request to Github returned http status ${res.statusCode}. Aborting...`)
+        process.nextTick(() => { process.exit(1) })
+      }
+
+      res.on('data', () => {})
+
+      const { etag } = res.headers
+      if (!lastETagValue || lastETagValue !== etag || !fs.existsSync(coreLocalFile)) {
+        updateLastETag(etag)
+        debug('Creating local core.json')
+        resolve(fetchCoreIndex())
+      } else {
+        debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
+        resolve(readLocal(coreLocalFile))
+      }
+    }).on('error', (err) => {
+      console.error(`Request to Github returned error ${err.message}. Aborting...`)
+      process.nextTick(() => { process.exit(1) })
+    }).end()
+  })
 }
 
 const checkPlatform = platform => {

package-lock.json

@@ -30,8 +30,7 @@
   "dependencies": {
     "@actions/core": "^1.10.0",
     "@pkgjs/nv": "^0.2.1",
-    "semver": "^7.3.8",
-    "undici": "^5.15.1"
+    "semver": "^7.3.8"
   },
   "devDependencies": {
     "standard": "^17.0.0",