4.1 KiB
4.1 KiB
Bun Language Analyzer
Module
Scanner
Status
IMPLEMENTED
Description
Full language analyzer for the Bun JavaScript runtime including bun.lockb binary lockfile parser, installed package collector, workspace/monorepo support, scope classification (dev/prod/peer), symlink safety checks, CLI verbs, and WebService endpoints for Worker integration.
Implementation Details
- Analyzer Plugin:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunAnalyzerPlugin.cs- Plugin entry point for Bun analyzersrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunLanguageAnalyzer.cs- Main language analyzer implementation
- Lockfile Parsing:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockParser.cs- Parsesbun.lockbbinary lockfilessrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockData.cs- Parsed lock data modelsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockEntry.cs- Individual lock entry modelsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockInventory.cs- Inventory built from lockfile
- Package Collection:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInstalledCollector.cs- Collects installed packages from filesystemsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunDeclaredDependencyCollector.cs- Collects declared dependencies from package.jsonsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackage.cs- Package modelsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackageNormalizer.cs- Package normalization
- Scope & Classification:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockScopeClassifier.cs- Classifies dependencies as dev/prod/peersrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputClassification.cs- Input file classification
- Workspace/Monorepo:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunWorkspaceHelper.cs- Workspace and monorepo supportsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunProjectDiscoverer.cs- Discovers Bun projects in filesystem
- Input & Config:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputNormalizer.cs- Normalizes input for determinismsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunConfigHelper.cs- Configuration helperssrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunVersionSpec.cs- Version specification parsingsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunEvidenceHasher.cs- Evidence hashing for determinism
- Worker Integration:
src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/BunPackageInventoryBuilder.cs- Builds package inventory during scan
- Storage:
src/Scanner/__Libraries/StellaOps.Scanner.Storage/Services/BunPackageInventoryStore.cs- Package inventory storesrc/Scanner/__Libraries/StellaOps.Scanner.Storage/Repositories/BunPackageInventoryRepository.cs- Repositorysrc/Scanner/__Libraries/StellaOps.Scanner.Storage/Catalog/BunPackageInventoryDocument.cs- Document model
- WebService:
src/Scanner/StellaOps.Scanner.WebService/Contracts/BunContracts.cs- API contracts for Bun scan results
E2E Test Plan
- Scan a container image containing a Bun project with
bun.lockband verify all packages are parsed correctly - Verify scope classification distinguishes dev, prod, and peer dependencies
- Scan a Bun workspace/monorepo and verify all workspace packages are discovered and analyzed
- Verify installed package collection from node_modules matches lockfile data
- Verify the scan results include PURL identifiers for all Bun packages
- Verify symlink safety checks flag potentially unsafe symlinks in node_modules
- Verify Bun scan results are available via the WebService API contracts