chore: merge

Author: parker-snyk

lib/analyzer/applications/node-modules-utils.ts

@@ -1,5 +1,6 @@
 import * as Debug from "debug";
 import { mkdir, mkdtemp, rm, stat, writeFile } from "fs/promises";
+import * as os from "os";
 import * as path from "path";
 import { FilePathToContent, FilesByDirMap } from "./types";
 const debug = Debug("snyk");
@@ -22,7 +23,7 @@ interface ScanPaths {
 async function createTempProjectDir(
   projectDir: string,
 ): Promise<{ tmpDir: string; tempProjectRoot: string }> {
-  const tmpDir = await mkdtemp("snyk");
+  const tmpDir = await mkdtemp(path.join(os.tmpdir(), "snyk-"));
 
   const tempProjectRoot = path.join(tmpDir, projectDir);
 

lib/analyzer/image-inspector.ts

@@ -1,6 +1,5 @@
 import * as Debug from "debug";
 import * as fs from "fs";
-import * as mkdirp from "mkdirp";
 import * as path from "path";
 
 import { Docker, DockerOptions } from "../docker";
@@ -200,7 +199,7 @@ async function getImageArchive(
   platform?: string,
 ): Promise<ArchiveResult> {
   const docker = new Docker();
-  mkdirp.sync(imageSavePath);
+  fs.mkdirSync(imageSavePath, { recursive: true });
   const destination: DestinationDir = {
     name: imageSavePath,
     removeCallback: cleanupCallback(imageSavePath, "image.tar"),

lib/image-save-path.ts

@@ -1,12 +1,12 @@
+import * as crypto from "crypto";
+import * as os from "os";
 import * as path from "path";
-import * as tmp from "tmp";
-import { v4 as uuidv4 } from "uuid";
 
 export function fullImageSavePath(imageSavePath: string | undefined): string {
-  let imagePath = tmp.dirSync().name;
+  let imagePath = os.tmpdir();
   if (imageSavePath) {
     imagePath = path.normalize(imageSavePath);
   }
 
-  return path.join(imagePath, uuidv4());
+  return path.join(imagePath, crypto.randomUUID());
 }

package-lock.json

@@ -46,17 +46,14 @@
     "fzstd": "^0.1.1",
     "gunzip-maybe": "^1.4.2",
     "minimatch": "^9.0.0",
-    "mkdirp": "^1.0.4",
     "packageurl-js": "1.2.0",
     "semver": "^7.7.3",
     "shescape": "^2.1.7",
     "snyk-nodejs-lockfile-parser": "^2.7.0",
     "snyk-poetry-lockfile-parser": "1.9.1",
     "snyk-resolve-deps": "^4.9.1",
     "tar-stream": "^2.2.0",
-    "tmp": "^0.2.5",
     "tslib": "^1",
-    "uuid": "^8.2.0",
     "varint": "^6.0.0"
   },
   "devDependencies": {

package.json

@@ -10,7 +10,6 @@ import {
 import * as os from "os";
 import * as path from "path";
 import * as tar from "tar-stream";
-import * as tmp from "tmp";
 import { Docker } from "../../lib/docker";
 import { CmdOutput } from "../../lib/sub-process";
 import * as subProcess from "../../lib/sub-process";
@@ -123,6 +122,7 @@ describe("docker", () => {
 
     const docker = new Docker();
     let expectedChecksum;
+    let tempFilesToCleanup: string[] = [];
 
     beforeAll(async () => {
       const loadImage = path.join(
@@ -139,6 +139,12 @@ describe("docker", () => {
       if (existsSync(TEST_TARGET_IMAGE_DESTINATION)) {
         unlinkSync(TEST_TARGET_IMAGE_DESTINATION);
       }
+      for (const file of tempFilesToCleanup) {
+        if (existsSync(file)) {
+          unlinkSync(file);
+        }
+      }
+      tempFilesToCleanup = [];
     });
 
     async function calculateImageSHA256(tarFilePath: string): Promise<string> {
@@ -164,9 +170,12 @@ describe("docker", () => {
       return new Promise((resolve, reject) => {
         const extract = tar.extract();
         const pack = tar.pack();
-        const tempFile = tmp.fileSync();
-        const output = createWriteStream(tempFile.name);
-
+        const tempFilePath = path.join(
+          os.tmpdir(),
+          `snyk-docker-plugin-test-${crypto.randomUUID()}.tar`,
+        );
+        tempFilesToCleanup.push(tempFilePath);
+        const output = createWriteStream(tempFilePath);
         extract.on("entry", (header, stream, next) => {
           // Normalize the header
           header.mtime = new Date(0); // Set modification time to the epoch
@@ -183,7 +192,7 @@ describe("docker", () => {
         });
 
         output.on("finish", () => {
-          resolve(tempFile.name);
+          resolve(tempFilePath);
         });
 
         extract.on("error", (err) => {

test/system/docker.spec.ts

@@ -1,7 +1,7 @@
+import * as crypto from "crypto";
 import * as fs from "fs";
+import * as os from "os";
 import * as path from "path";
-import * as tmp from "tmp";
-import { v4 as uuidv4 } from "uuid";
 
 import { DockerPullResult } from "@snyk/snyk-docker-pull";
 import * as plugin from "../../lib";
@@ -114,7 +114,7 @@ describe("getImageArchive", () => {
     });
 
     it("should produce the expected state", async () => {
-      const imageSavePath = path.join(customPath, uuidv4());
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const dockerPullSpy = jest.spyOn(Docker.prototype, "pull");
       const loadImage = path.join(
         __dirname,
@@ -152,8 +152,8 @@ describe("getImageArchive", () => {
 
   describe("from remote registry with binary", () => {
     it("should produce the expected state", async () => {
-      const customPath = tmp.dirSync().name;
-      const imageSavePath = path.join(customPath, uuidv4());
+      const customPath = fs.mkdtempSync(path.join(os.tmpdir(), "snyk-"));
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const registryPullSpy = jest.spyOn(Docker.prototype, "pull");
 
       const archiveLocation: ArchiveResult =
@@ -180,11 +180,12 @@ describe("getImageArchive", () => {
       expect(customPathExistsOnDisk).toBe(true);
 
       await subProcess.execute("docker", ["image", "rm", targetImage]);
+      fs.rmSync(customPath, { recursive: true, force: true });
     });
 
     it("should fail correctly when manifest is not found for given tag", async () => {
-      const customPath = tmp.dirSync().name;
-      const imageSavePath = path.join(customPath, uuidv4());
+      const customPath = fs.mkdtempSync(path.join(os.tmpdir(), "snyk-"));
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const dockerPullCliSpy = jest
         .spyOn(Docker.prototype, "pullCli")
         .mockImplementation(() => {
@@ -209,6 +210,8 @@ describe("getImageArchive", () => {
 
       expect(dockerPullCliSpy).toHaveBeenCalled();
       expect(dockerPullSpy).not.toHaveBeenCalled();
+
+      fs.rmSync(customPath, { recursive: true, force: true });
     });
   });
 
@@ -220,7 +223,7 @@ describe("getImageArchive", () => {
     });
 
     it("should produce the expected state", async () => {
-      const imageSavePath = path.join(customPath, uuidv4());
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       // we simulate the Docker CLI being so old that the `--platform` flag is not supported at all.
       const dockerPullCliSpy = jest
         .spyOn(Docker.prototype, "pullCli")
@@ -258,7 +261,7 @@ describe("getImageArchive", () => {
     });
 
     it("should produce the expected state", async () => {
-      const imageSavePath = path.join(customPath, uuidv4());
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const dockerPullCliSpy = jest
         .spyOn(Docker.prototype, "pullCli")
         .mockImplementation(() => {
@@ -296,7 +299,7 @@ describe("getImageArchive", () => {
     });
 
     it("should produce the expected state", async () => {
-      const imageSavePath = path.join(customPath, uuidv4());
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const dockerPullSpy = jest.spyOn(Docker.prototype, "pull");
       jest.spyOn(subProcess, "execute").mockImplementation(() => {
         throw new Error();
@@ -334,7 +337,7 @@ describe("getImageArchive", () => {
     });
 
     it("should produce the expected state", async () => {
-      const imageSavePath = path.join(customPath, uuidv4());
+      const imageSavePath = path.join(customPath, crypto.randomUUID());
       const dockerPullSpy = jest
         .spyOn(Docker.prototype, "pull")
         .mockImplementation((_1, _2, _3, imageSavePath) => {