@@ -51,6 +51,7 @@ const { request, stream, setGlobalDispatcher, Agent } = __nccwpck_require__(1773
5151const EE = __nccwpck_require__(2361)
5252const fs = __nccwpck_require__(7147)
5353const path = __nccwpck_require__(1017)
54+ const os = __nccwpck_require__(2037)
5455const debug = __nccwpck_require__(8237)('is-my-node-vulnerable')
5556const satisfies = __nccwpck_require__(6055)
5657const { danger, vulnerableWarning, bold, separator, allGood } = __nccwpck_require__(9139)
@@ -106,21 +107,38 @@ async function getCoreIndex () {
106107 }
107108}
108109
109- function getVulnerabilityList (currentVersion, data) {
110+ function getVulnerabilityList (currentVersion, data, systemEnvironment ) {
110111 const list = []
111112 for (const key in data) {
112113 const vuln = data[key]
113114 if (
114- satisfies(currentVersion, vuln.vulnerable) &&
115- !satisfies(currentVersion, vuln.patched)
115+ (
116+ satisfies(currentVersion, vuln.vulnerable) &&
117+ !satisfies(currentVersion, vuln.patched)
118+ ) && (
119+ (!systemEnvironment || !Array.isArray(vuln.affectedEnvironments)) ||
120+ vuln.affectedEnvironments.includes(systemEnvironment)
121+ )
116122 ) {
117123 list.push(`${bold(vuln.cve)}: ${vuln.overview}\n${bold('Patched versions')}: ${vuln.patched}`)
118124 }
119125 }
120126 return list
121127}
122128
123- async function main (currentVersion) {
129+ const getSystemEnvironment = (platform) => {
130+ switch (platform) {
131+ case 'darwin':
132+ return 'osx'
133+ case 'win32':
134+ return 'win'
135+ default:
136+ return 'linux'
137+ }
138+ }
139+
140+ async function main (currentVersion, platform) {
141+ const systemEnvironment = getSystemEnvironment(platform)
124142 const isEOL = await isNodeEOL(currentVersion)
125143 if (isEOL) {
126144 console.error(danger)
@@ -129,7 +147,7 @@ async function main (currentVersion) {
129147 }
130148
131149 const coreIndex = await getCoreIndex()
132- const list = getVulnerabilityList(currentVersion, coreIndex)
150+ const list = getVulnerabilityList(currentVersion, coreIndex, systemEnvironment )
133151 if (list.length) {
134152 console.error(danger)
135153 console.error(vulnerableWarning + '\n')
@@ -162,14 +180,14 @@ async function isNodeEOL (version) {
162180 return now > end
163181}
164182
165- async function isNodeVulnerable (version) {
183+ async function isNodeVulnerable (version, systemEnvironment ) {
166184 const isEOL = await isNodeEOL(version)
167185 if (isEOL) {
168186 return true
169187 }
170188
171189 const coreIndex = await getCoreIndex()
172- const list = getVulnerabilityList(version, coreIndex)
190+ const list = getVulnerabilityList(version, coreIndex, systemEnvironment )
173191 return list.length > 0
174192}
175193
@@ -41519,8 +41537,14 @@ const { isNodeVulnerable } = __nccwpck_require__(2932)
4151941537async function run () {
4152041538 // Inputs
4152141539 const nodeVersion = core.getInput('node-version', { required: true })
41522- core.info(`Checking Node.js version ${nodeVersion}...`)
41523- const isVulnerable = await isNodeVulnerable(nodeVersion)
41540+ const platform = core.getInput('platform', { required: false })
41541+
41542+ if (platform && !['linux', 'win', 'osx'].includes(platform)) {
41543+ core.setFailed(`platform ${platform} is not valid. Please use linux, win or osx.`)
41544+ }
41545+
41546+ core.info(`Checking Node.js version ${nodeVersion} with platform ${platform}...`)
41547+ const isVulnerable = await isNodeVulnerable(nodeVersion, platform)
4152441548 if (isVulnerable) {
4152541549 core.setFailed(`Node.js version ${nodeVersion} is vulnerable. Please upgrade!`)
4152641550 } else {
0 commit comments