Files
wehub-resource-sync 9b395f5cc3
Build Chrome Extension / build (push) Waiting to run
Trigger Website Rebuild (Docs Updated) / dispatch (push) Waiting to run
E2E Headed Chrome / e2e-headed (macos-15) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (ubuntu-latest) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (windows-latest) (push) Has been cancelled
CI / build (macos-latest) (push) Has been cancelled
CI / build (ubuntu-latest) (push) Has been cancelled
CI / build (windows-latest) (push) Has been cancelled
CI / unit-test (push) Has been cancelled
CI / bun-test (push) Has been cancelled
CI / adapter-test (push) Has been cancelled
CI / smoke-test (macos-latest) (push) Has been cancelled
CI / smoke-test (ubuntu-latest) (push) Has been cancelled
Security Audit / audit (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:39:48 +08:00

55 lines
2.4 KiB
JavaScript

// osv vulnerability — fetch a single OSV vulnerability by id.
//
// Hits `https://api.osv.dev/v1/vulns/<id>`. Returns one row with the canonical
// id, summary, severity, aliases (CVE / GHSA mappings), publish / modify dates,
// and the affected packages (flattened to a comma-separated "ecosystem:name" list).
import { cli, Strategy } from '@jackwener/opencli/registry';
import { EmptyResultError } from '@jackwener/opencli/errors';
import { OSV_BASE, osvGet, requireVulnId, severityLabel, trimDate } from './utils.js';
cli({
site: 'osv',
name: 'vulnerability',
access: 'read',
description: 'Single OSV.dev vulnerability detail (severity, affected packages, CVE/GHSA aliases)',
domain: 'osv.dev',
strategy: Strategy.PUBLIC,
browser: false,
args: [
{ name: 'id', positional: true, type: 'string', required: true, help: 'OSV vulnerability id (e.g. "GHSA-29mw-wpgm-hmr9", "CVE-2020-28500")' },
],
columns: [
'id', 'summary', 'severity', 'aliases', 'published', 'modified',
'affectedPackages', 'cwes', 'referenceCount', 'url',
],
func: async (args) => {
const id = requireVulnId(args.id);
const vuln = await osvGet(`${OSV_BASE}/v1/vulns/${encodeURIComponent(id)}`, `osv vulnerability ${id}`);
if (!vuln || !vuln.id) {
throw new EmptyResultError('osv vulnerability', `OSV.dev returned no record for "${id}".`);
}
const affected = Array.isArray(vuln.affected) ? vuln.affected : [];
const pkgPairs = [];
for (const a of affected) {
const eco = a?.package?.ecosystem;
const name = a?.package?.name;
if (eco && name) pkgPairs.push(`${eco}:${name}`);
}
const aliases = Array.isArray(vuln.aliases) ? vuln.aliases.filter(Boolean) : [];
const cwes = Array.isArray(vuln?.database_specific?.cwe_ids) ? vuln.database_specific.cwe_ids : [];
const refs = Array.isArray(vuln.references) ? vuln.references : [];
return [{
id: String(vuln.id),
summary: String(vuln.summary ?? '').trim(),
severity: severityLabel(vuln),
aliases: aliases.join(', '),
published: trimDate(vuln.published),
modified: trimDate(vuln.modified),
affectedPackages: pkgPairs.join(', '),
cwes: cwes.join(', '),
referenceCount: refs.length,
url: `https://osv.dev/vulnerability/${vuln.id}`,
}];
},
});