MCPcopy Create free account
hub / github.com/npmx-dev/npmx.dev / getSeverityLevel

Function getSeverityLevel

server/utils/dependency-analysis.ts:234–256  ·  view source on GitHub ↗
(vuln: OsvVulnerability)

Source from the content-addressed store, hash-verified

232}
233
234function getSeverityLevel(vuln: OsvVulnerability): OsvSeverityLevel {
235 const dbSeverity = vuln.database_specific?.severity?.toLowerCase()
236 if (dbSeverity) {
237 if (dbSeverity === 'critical') return 'critical'
238 if (dbSeverity === 'high') return 'high'
239 if (dbSeverity === 'moderate' || dbSeverity === 'medium') return 'moderate'
240 if (dbSeverity === 'low') return 'low'
241 }
242
243 const severityEntry = vuln.severity?.[0]
244 if (severityEntry?.score) {
245 const match = severityEntry.score.match(/(?:^|[/:])(\d+(?:\.\d+)?)$/)
246 if (match?.[1]) {
247 const score = parseFloat(match[1])
248 if (score >= 9.0) return 'critical'
249 if (score >= 7.0) return 'high'
250 if (score >= 4.0) return 'moderate'
251 if (score > 0) return 'low'
252 }
253 }
254
255 return 'unknown'
256}
257
258/**
259 * Analyze entire dependency tree for vulnerabilities and deprecated packages.

Callers 1

queryOsvDetailsFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected