MCPcopy Index your code
hub / github.com/SourceCode-AI/aura / check_requirement

Function check_requirement

aura/commands.py:32–65  ·  view source on GitHub ↗
(pkg)

Source from the content-addressed store, hash-verified

30
31
32def check_requirement(pkg):
33 click.secho("Received payload from package manager, running security audit...")
34
35 out_format = ScanOutputBase.from_uri("text")
36
37 handler = URIHandler.from_uri(f"{pkg['path']}")
38 try:
39 metadata = { # FIXME, add to item scan location
40 "uri_input": "pkg_path",
41 "source": "package_manager",
42 "pm_data": pkg,
43 "format": "plain",
44 "min_score": 0,
45 }
46 hits = []
47
48 for location in handler.get_paths(metadata=metadata):
49 # print(f"Enumerating: {location}")
50 hits.extend(scan_worker(location))
51
52 typosquatting = typos.check_name(pkg["name"])
53 if typosquatting:
54 click.secho(
55 "Possible typosquatting detected", fg="red", bold=True, blink=True
56 )
57 click.secho(
58 f"Following {len(typosquatting)} packages with similar names has been found:"
59 )
60 for x in typosquatting:
61 click.echo(f" - '{x}'")
62
63 finally:
64 handler.cleanup()
65 sys.exit(1)
66
67
68def scan_worker(item: ScanLocation) -> Generator[Detection, None, None]:

Callers

nothing calls this directly

Calls 4

scan_workerFunction · 0.85
from_uriMethod · 0.45
get_pathsMethod · 0.45
cleanupMethod · 0.45

Tested by

no test coverage detected