feat: Add support for Javascript package scanning (Fixes #1453)

anthonyharrison · anthonyharrison · commit ccf8ebec5a60 · 2022-02-13T16:28:05.000Z
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -6,6 +6,7 @@
 import subprocess
 import sys
 from re import MULTILINE, compile, search
+from typing import List
 
 import defusedxml.ElementTree as ET
 
@@ -252,12 +253,12 @@ def run_java_checker(self, filename: str) -> None:
 
         self.logger.debug(f"Done scanning file: {filename}")
 
-    def find_js_vendor(self, product: str, version: str) -> list[str]:
+    def find_js_vendor(self, product: str, version: str) -> List[List[str]]:
         """Find vendor for Javascript product"""
         if version == "*":
             return None
         vendor_package_pair = self.cve_db.get_vendor_product_pairs(product)
-        vendorlist = []
+        vendorlist: List[List[str]] = []
         if vendor_package_pair != []:
             # To handle multiple vendors, return all combinations of product/vendor mappings
             for v in vendor_package_pair:
@@ -271,7 +272,7 @@ def find_js_vendor(self, product: str, version: str) -> list[str]:
             return vendorlist if len(vendorlist) > 0 else None
         return None
 
-    def run_js_checker(self, filename: str) ->  None:
+    def run_js_checker(self, filename: str) -> None:
         """Process package-lock.json file and extract product and dependency details"""
         fh = open(filename)
         data = json.load(fh)
