feat: [OSM-1039] move nodejs plugin functionality (#3)

.circleci/config.yml

@@ -1,22 +1,135 @@
 version: 2.1
 
 orbs:
-  prodsec: snyk/prodsec-orb@1
+  win: circleci/windows@2.4.0
+  prodsec: snyk/prodsec-orb@1.0
 
 filters_branches_ignore_main: &filters_branches_ignore_main
   filters:
     branches:
       ignore:
         - main
 
+defaults: &defaults
+  parameters:
+    node_version:
+      type: string
+      default: "18.19.1"
+  working_directory: ~/snyk-nodejs-plugin
+
+windows_defaults: &windows_defaults
+  environment:
+    npm_config_loglevel: silent
+  executor:
+    name: win/default
+
+test_matrix: &test_matrix
+  node_version: ['14.17.6', '16.13.2', '18.19.1']
+
+commands:
+  install_deps:
+    description: Install dependencies
+    steps:
+      - checkout
+      - run:
+          name: Use snyk-main npmjs user
+          command: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
+      - run:
+          name: Install dependencies
+          command: npm install
+  install_node_npm:
+    description: Install correct Node version
+    parameters:
+      node_version:
+        type: string
+        default: ""
+    steps:
+      - run:
+          name: Install correct version of Node
+          command: nvm install << parameters.node_version >>
+      - run:
+          name: Use correct version of Node
+          command: nvm use << parameters.node_version >>
+  show_node_version:
+    description: Log Node and npm version
+    steps:
+      - run:
+          name: Node version
+          command: node --version
+      - run:
+          name: NPM version
+          command: npm --version
+
+jobs:
+  lint:
+    <<: *defaults
+    docker:
+      - image: cimg/node:<< parameters.node_version >>
+    steps:
+      - checkout
+      - install_deps
+      - show_node_version
+      - run:
+          name: Run lint
+          command: npm run lint
+
+  test-windows:
+    <<: *defaults
+    <<: *windows_defaults
+    steps:
+      - run: git config --global core.autocrlf false
+      - checkout
+      - install_node_npm:
+          node_version: << parameters.node_version >>
+      - install_deps
+      - show_node_version
+      - run:
+          name: Run tests
+          command: npm test
+
+  test-unix:
+    <<: *defaults
+    docker:
+      - image: cimg/node:<< parameters.node_version >>
+    steps:
+      - checkout
+      - install_deps
+      - show_node_version
+      - run:
+          name: Run tests
+          command: npm test
+
 workflows:
   version: 2
   test_and_release:
     jobs:
       - prodsec/secrets-scan:
           name: Scan repository for secrets
-          trusted-branch: main
           context:
             - snyk-bot-slack
           channel: os-team-managed-alerts
+      - lint:
+          name: Lint
+          context: nodejs-install
+          node_version: "lts"
+      - test-windows:
+          matrix:
+            alias: test-windows
+            parameters:
+              <<: *test_matrix
+          name: Windows Tests for Node=<< matrix.node_version >>
+          context: nodejs-install
+          requires:
+            - Lint
           <<: *filters_branches_ignore_main
+      - test-unix:
+          matrix:
+            alias: test-unix
+            parameters:
+              <<: *test_matrix
+          name: Unix Tests for Node=<< matrix.node_version >>
+          context: nodejs-install
+          requires:
+            - Lint
+          <<: *filters_branches_ignore_main
+

.eslintrc

@@ -0,0 +1,29 @@
+{
+    "root": true,
+    "parser": "@typescript-eslint/parser",
+    "plugins": [
+      "@typescript-eslint"
+    ],
+    "extends": [
+      "eslint:recommended",
+      "plugin:@typescript-eslint/recommended"
+    ],
+    "rules": {
+      "@typescript-eslint/no-explicit-any": "off",
+      "require-await": "warn",
+      "camelcase": "error",
+      "default-case": "error",
+      "default-case-last": "error",
+      "no-constant-binary-expression": "error",
+      "no-duplicate-imports": "error",
+      "no-else-return": "error",
+      "no-invalid-this": "error",
+      "no-template-curly-in-string": "error",
+      "no-use-before-define": "error",
+      "no-var": "error",
+      "prefer-const": "error",
+      "require-atomic-updates": "error",
+      "spaced-comment": "error",
+      "yoda": "error"
+    }
+  }

.github/CONTRIBUTING.md

@@ -0,0 +1,48 @@
+# Contributing
+
+## Commit messages
+
+Commit messages must follow the [Angular-style](https://github.com/angular/angular.js/blob/master/CONTRIBUTING.md#commit-message-format) commit format (but excluding the scope).
+
+i.e:
+
+```text
+fix: minified scripts being removed
+
+Also includes tests
+```
+
+This will allow for the automatic changelog to generate correctly.
+
+### Commit types
+
+Must be one of the following:
+
+- **feat**: A new feature
+- **fix**: A bug fix
+- **docs**: Documentation only changes
+- **test**: Adding missing tests
+- **chore**: Changes to the build process or auxiliary tools and libraries such as documentation generation
+- **refactor**: A code change that neither fixes a bug nor adds a feature
+- **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+- **perf**: A code change that improves performance
+
+To release a major you need to add `BREAKING CHANGE: ` to the start of the body and the detail of the breaking change.
+
+## Code standards
+
+Ensure that your code adheres to the included `.eslintrc` config by running `npm run lint`.
+
+## Sending pull requests
+
+- add tests for newly added code (and try to mirror directory and file structure if possible)
+- spell check
+- PRs will not be code reviewed unless all tests are passing (run `npm test`)
+
+_Important:_ when fixing a bug, please commit a **failing test** first demonstrate the current code is failing. Once that commit is in place, then commit the bug fix, so that we can test _before_ and _after_.
+
+Remember that you're developing for multiple platforms and versions of node, so if the tests pass on your Mac or Linux or Windows machine, it _may_ not pass elsewhere.
+
+## Contributor Agreement
+
+A pull-request will only be considered for merging into the upstream codebase after you have signed our [contributor agreement](https://github.com/snyk/snyk-nuget-plugin/blob/main/Contributor-Agreement.md), assigning us the rights to the contributed code and granting you a license to use it in return. If you submit a pull request, you will be prompted to review and sign the agreement with one click (we use [CLA assistant](https://cla-assistant.io/)).

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+- [ ] Tests written and linted
+- [ ] Documentation written / README.md updated [https://snyk.io/docs/snyk-for-node/](i)
+- [ ] Follows [CONTRIBUTING agreement](CONTRIBUTING.md)
+- [ ] Commit history is tidy [https://git-scm.com/book/en/v2/Git-Branching-Rebasing](i)
+- [ ] Reviewed by Snyk team
+
+### What this does
+
+_Explain why this PR exists_
+
+### Notes for the reviewer
+
+_Instructions on how to run this locally, background context, what to review, questions…_
+
+### More information
+
+- [SC-XXXX]()
+- [Link to documentation]()
+
+### Screenshots
+
+_Visuals that may help the reviewer_

.github/workflows/pr-housekeeping.yml

@@ -0,0 +1,13 @@
+on:
+  schedule:
+    - cron: "0 0 * * *" # Every day at midnight
+  workflow_dispatch:
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v7
+        with:
+          stale-pr-message: "Your PR has not had any activity for 60 days. In 7 days I'll close it. Make some activity to remove this."
+          close-pr-message: "Your PR has now been stale for 7 days. I'm closing it."

.gitignore

@@ -0,0 +1,16 @@
+.DS_Store
+
+dist
+node_modules
+./package-lock.json
+
+.eslintcache
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+coverage/
+
+# IDEs
+.idea
+.vscode
+.ionide/

.npmignore

@@ -0,0 +1,7 @@
+.github
+.jscsrc
+.travis.yml
+.vscode
+.idea
+/dev-test.js
+/test

.npmrc

@@ -0,0 +1 @@
+package-lock=false

.nvmrc

@@ -0,0 +1 @@
+18

.prettierrc

@@ -0,0 +1,21 @@
+{
+    "singleQuote": true,
+    "trailingComma": "all",
+    "overrides": [
+      {
+        "files": "*.csproj",
+        "options": {
+          "parser": "html"
+        }
+      },
+      {
+        "files": "*.json",
+        "options": {
+          "printWidth": 40,
+          "parser": "json",
+          "bracketSpacing": true,
+          "trailingComma": "none"
+        }
+      }
+    ]
+  }

.prettierrc.json

@@ -0,0 +1,15 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all",
+  "overrides": [
+    {
+      "files": "*.json",
+      "options": {
+        "printWidth": 40,
+        "parser": "json",
+        "bracketSpacing": true,
+        "trailingComma": "none"
+      }
+    }
+  ]
+}

.releaserc.json

@@ -0,0 +1,5 @@
+{
+    "branches": [
+      "main"
+    ]
+  }

Contributor-Agreement.md

@@ -0,0 +1,42 @@
+# Snyk CLI tool contributor agreement
+
+This Snyk CLI tool Agreement (this **"Agreement"**) applies to any Contribution you make to any Work.
+
+This is a binding legal agreement on you and any organization you represent. If you are signing this Agreement on behalf of your employer or other organization, you represent and warrant that you have the authority to agree to this Agreement on behalf of the organization.
+
+## 1. Definitions
+
+**"Contribution"** means any original work, including any modification of or addition to an existing work, that you submit to Snyk CLI tool repo in any manner for inclusion in any Work.
+
+**"Snyk", "we"** and **"us"** means Snyk Ltd.
+
+**"Work"** means any project, work or materials owned or managed by Snyk Ltd.
+
+**"You"** and **"your"** means you and any organization on whose behalf you are entering this Agreement.
+
+## 2. Copyright Assignment, License and Waiver
+
+**(a) Assignment.** By submitting a Contribution, you assign to Snyk all right, title and interest in any copright you have in the Contribution, and you waive any rights, including any moral rights, database rights, etc., that may affect your ownership of the copyright in the Contribution.
+
+**(b) License to Snyk.** If your assignment in Section 2(a) is ineffective for any reason, you grant to us and to any recipient of any Work distributed by use, a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable licence to use, reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Contributions and any derivative work created based on a Contribution. If your license grant is ineffective for any reason, you irrevocably waive and covenant to not assert any claim you may have against us, our successors in interest, and any of our direct or indirect licensees and customers, arising out of our, our successors in interest's, or any of our direct or indirect licensees' or customers' use, reproduction, preparation of derivative works, public display, public performance, sublicense, and distribution of a Contribution. You also agree that we may publicly use your name and the name of any organization on whose behalf you're entering into this Agreement in connection with publicizing the Work.
+
+**(c) License to you.** We grant to you a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable license to use, reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute a Contribution and any derivative works you create based on a Contribution.
+
+## 3. Patent License
+
+You grant to us and to any recipient of any Work distributed by us, a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable patent license to make, have made, use, sell, offer to sell, import, and otherwise transfer the Contribution in whole or in part, along or included in any Work under any patent you own, or license from a third party, that is necessarily infringed by the Contribution or by combination of the Contribution with any Work.
+
+## 4. Your Representation and Warranties.
+
+By submitting a Contribution, you represent and warrant that: (a) each Contribution you submit is an original work and you can legally grant the rights set out in this Agreement; (b) the Contribution does not, and any exercise of the rights granted by you will not, infringe any third party's intellectual property or other right; and (c) you are not aware of any claims, suits, or actions pertaining to the Contribution. You will notify us immediately if you become aware or have reason to believe that any of your representations and warranties is or becomes inaccurate.
+
+##5. Intellectual Property
+Except for the assignment and licenses set forth in this Agreement, this Agreement does not transfer any right, title or interest in any intellectual property right of either party to the other. If you choose to provide us with suggestions, ideas for improvement, recommendations or other feedback, on any Work we may use your feedback without any restriction or payment.
+
+## Miscellaneous
+
+English law governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in England, UK. This Agreement does not create a partnership, agency relationship, or joint venture between the parties. We may assign this Agreement without notice or restriction. If any provision of this Agreement is unenforcable, that provision will be modified to render it enforceable to the extent possible to effect the parties' intention and the remaining provisions will not be affected. The parties may amend this Agreement only in a written amendment signed by both parties. This Agreement comprises the parties' entire agreement relating to the subject matter of this Agreement.
+
+**Agreed and accepted on my behalf and on behalf of my organization**
+
+Our contributor agreement is based on the [mongoDB contributor agreement] (https://www.mongodb.com/legal/contributor-agreement).