feat(interface): download report (#349)

Author: PierreDemailly

.gitignore

@@ -64,3 +64,4 @@ nsecure-result.json
 vuln.json
 tmp/
 dist/
+reports

README.md

@@ -37,6 +37,7 @@
 - Link vulnerabilities from the multiple sources like GitHub Advisory, Sonatype or Snyk using [Vulnera](https://github.com/NodeSecure/vulnera). 
 - Add flags (emojis) to each packages versions to identify well known patterns and potential security threats easily.
 - First-class support of open source security initiatives like [OpenSSF Scorecard](https://github.com/ossf/scorecard).
+- Generate security report (PDF).
 
 ## 🚧 Requirements
 

i18n/english.js

@@ -129,6 +129,14 @@ const ui = {
   popup: {
     maintainer: {
       intree: "packages in the dependency tree"
+    },
+    report: {
+      title: "Generate a report",
+      form: {
+        title: "Report title",
+        includesAllDeps: "Include all dependencies",
+        submit: "Generate"
+      }
     }
   },
   home: {
@@ -138,7 +146,8 @@ const ui = {
       totalSize: "total size",
       directDeps: "direct deps",
       transitiveDeps: "transitive deps",
-      downloadsLastWeek: "downloads last week"
+      downloadsLastWeek: "downloads last week",
+      generateReport: "Generate a report"
     },
     watch: "Packages in the dependency tree requiring greater attention",
     criticalWarnings: "Critical Warnings",

i18n/french.js

@@ -129,6 +129,14 @@ const ui = {
   popup: {
     maintainer: {
       intree: "packages dans l'abre de dépendances"
+    },
+    report: {
+      title: "Générer un rapport",
+      form: {
+        title: "Titre du rapport",
+        includesAllDeps: "Inclure toutes les dépendances",
+        submit: "Générer"
+      }
     }
   },
   home: {
@@ -138,7 +146,8 @@ const ui = {
       totalSize: "poids total",
       directDeps: "dépendances directes",
       transitiveDeps: "dépendances transitives",
-      downloadsLastWeek: "téléchargements la semaine dernière"
+      downloadsLastWeek: "téléchargements la semaine dernière",
+      generateReport: "Générer un rapport"
     },
     watch: "Packages dans l'arbre de dépendance nécessitant une plus grande attention",
     criticalWarnings: "Avertissements critiques",

package.json

@@ -86,6 +86,7 @@
     "@nodesecure/npm-registry-sdk": "^2.1.0",
     "@nodesecure/ossf-scorecard-sdk": "^3.1.0",
     "@nodesecure/rc": "^1.5.0",
+    "@nodesecure/report": "^1.1.1",
     "@nodesecure/scanner": "^5.3.0",
     "@nodesecure/utils": "^1.2.0",
     "@nodesecure/vuln": "^1.7.0",
@@ -95,6 +96,7 @@
     "@topcli/prompts": "^1.9.0",
     "@topcli/spinner": "^2.1.2",
     "cacache": "^18.0.2",
+    "co-body": "^6.1.0",
     "dotenv": "^16.4.4",
     "filenamify": "^6.0.0",
     "highlightjs-line-numbers.js": "^2.8.0",

public/components/locker/locker.js

@@ -11,6 +11,10 @@ export class Locker {
     this.renderUnlock();
 
     document.addEventListener("keydown", (event) => {
+      if (window.disableShortcuts) {
+        return;
+      }
+
       const hotkeys = JSON.parse(localStorage.getItem("hotkeys"));
       switch (event.key.toUpperCase()) {
         case hotkeys.lock: {

public/components/navigation/navigation.js

@@ -29,6 +29,10 @@ export class ViewNavigation {
     }
 
     document.addEventListener("keydown", (event) => {
+      if (window.disableShortcuts) {
+        return;
+      }
+
       if (window.searchbar.background.classList.contains("show")) {
         return;
       }

public/components/popup/popup.js

@@ -25,6 +25,8 @@ export class Popup {
       return;
     }
 
+    window.disableShortcuts = true;
+
     this.templateName = template.name;
     this.dom.popup.appendChild(template.HTMLElement);
     // TODO: apply additional css customization
@@ -59,6 +61,7 @@ export class Popup {
       return;
     }
 
+    window.disableShortcuts = false;
     this.dom.popup.innerHTML = "";
     this.templateName = null;
     this.#cleanupClickOutside();

public/components/views/home/home.css

@@ -1,4 +1,5 @@
 @import url("./maintainers/maintainers.css");
+@import url("./report/report.css");
 
 #home--view {
   z-index: 10;
@@ -13,6 +14,12 @@
   display: flex;
 }
 
+.home--header--aside {
+  display: flex;
+  flex-direction: column;
+  align-items: end;
+}
+
 .home--header--scorecard {
   display: none;
   flex-shrink: 0;
@@ -67,6 +74,18 @@
   background-color: rgb(39 144 252);
 }
 
+.home--header--report {
+  margin-top: 8px;
+  border: none;
+  padding: 10px;
+  color: #fffde4;
+  background: #1f9ad7;
+  font-weight: bold;
+  cursor: pointer;
+  border-radius: 4px;
+  text-shadow: 1px 1px 10px #0000007d;
+}
+
 .home--header--title {
   display: flex;
   flex-direction: column;

public/components/views/home/home.js

@@ -10,6 +10,7 @@ import { fetchScorecardData, getScoreColor, getScorecardLink } from "../../../co
 
 // Import Components
 import { Maintainers } from "./maintainers/maintainers.js";
+import { PopupReport } from "./report/report.js";
 
 // CONSTANTS
 const kFlagsToWatch = new Set([
@@ -46,6 +47,7 @@ export class HomeView {
     this.generateExtensions();
     this.generateLicenses();
     this.generateMaintainers();
+    this.handleReport();
   }
 
   generateScorecard() {
@@ -301,4 +303,12 @@ export class HomeView {
     new Maintainers(this.secureDataSet, this.nsn)
       .render();
   }
+
+  handleReport() {
+    document.querySelector(".home--header--report").addEventListener("click", async() => {
+      window.popup.open(
+        new PopupReport(this.secureDataSet.data.rootDependencyName).render()
+      );
+    });
+  }
 }