java.lang.Object
- org.owasp.dependencycheck.analyzer.AbstractAnalyzer
- - org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
  - - org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
    - - org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer

All Implemented Interfaces:

java.io.FileFilter, Analyzer, FileTypeAnalyzer
```
@ThreadSafe
public class NodeAuditAnalyzer
extends AbstractNpmAnalyzer
```
Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API.

Author:

Steve Springett

Field Summary

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`DEFAULT_URL`	The default URL to the NPM Audit API.
`static java.lang.String`	`DEPENDENCY_ECOSYSTEM`	A descriptor for the type of dependencies processed or added by this analyzer.
`static java.lang.String`	`PACKAGE_LOCK_JSON`	The file name to scan.
`static java.lang.String`	`SHRINKWRAP_JSON`	The file name to scan.

Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
NPM_DEPENDENCY_ECOSYSTEM

Constructor Summary

Constructors
Constructor Description

NodeAuditAnalyzer()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`analyzeDependency(Dependency dependency, Engine engine)`	Analyzes a given dependency.
`AnalysisPhase`	`getAnalysisPhase()`	Returns the phase that the analyzer is intended to run in.
`protected java.lang.String`	`getAnalyzerEnabledSettingKey()`	Returns the key used in the properties file to determine if the analyzer is enabled.
`protected java.io.FileFilter`	`getFileFilter()`	Returns the FileFilter
`java.lang.String`	`getName()`	Returns the name of the analyzer.

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, prepareFileTypeAnalyzer, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

- Field Detail
  - DEFAULT_URL
```
public static final java.lang.String DEFAULT_URL
```
    The default URL to the NPM Audit API.
    
    See Also:
    
    Constant Field Values
  - DEPENDENCY_ECOSYSTEM
```
public static final java.lang.String DEPENDENCY_ECOSYSTEM
```
    A descriptor for the type of dependencies processed or added by this analyzer.
    
    See Also:
    
    Constant Field Values
  - PACKAGE_LOCK_JSON
```
public static final java.lang.String PACKAGE_LOCK_JSON
```
    The file name to scan.
    
    See Also:
    
    Constant Field Values
  - SHRINKWRAP_JSON
```
public static final java.lang.String SHRINKWRAP_JSON
```
    The file name to scan.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - NodeAuditAnalyzer
```
public NodeAuditAnalyzer()
```
- Method Detail
  - getFileFilter
```
protected java.io.FileFilter getFileFilter()
```
    Returns the FileFilter
    
    Specified by:
    
    getFileFilter in class AbstractFileTypeAnalyzer
    
    Returns:
    
    the FileFilter
  - getName
```
public java.lang.String getName()
```
    Returns the name of the analyzer.
    
    Returns:
    
    the name of the analyzer.
  - getAnalysisPhase
```
public AnalysisPhase getAnalysisPhase()
```
    Returns the phase that the analyzer is intended to run in.
    
    Returns:
    
    the phase that the analyzer is intended to run in.
  - getAnalyzerEnabledSettingKey
```
protected java.lang.String getAnalyzerEnabledSettingKey()
```
    Returns the key used in the properties file to determine if the analyzer is enabled.
    
    Specified by:
    
    getAnalyzerEnabledSettingKey in class AbstractAnalyzer
    
    Returns:
    
    the enabled property setting key for the analyzer
  - analyzeDependency
```
protected void analyzeDependency(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException
```
    Description copied from class: AbstractAnalyzer
    
    Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
    
    Specified by:
    
    analyzeDependency in class AbstractAnalyzer
    
    Parameters:
    
    dependency - the dependency to analyze
    
    engine - the engine scanning
    
    Throws:
    
    AnalysisException - thrown if there is an analysis exception

Class NodeAuditAnalyzer

Field Summary

Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

Constructor Summary

Method Summary

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

Methods inherited from class java.lang.Object

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer

Field Detail

DEFAULT_URL

DEPENDENCY_ECOSYSTEM

PACKAGE_LOCK_JSON

SHRINKWRAP_JSON

Constructor Detail

NodeAuditAnalyzer

Method Detail

getFileFilter

getName

getAnalysisPhase

getAnalyzerEnabledSettingKey

analyzeDependency