nodejs · richardlau · May 10, 2019
diff --git a/dist-indexer.js b/dist-indexer.js
@@ -13,6 +13,7 @@ const fs         = require('fs')
 
     , transformFilename = require('./transform-filename')
     , decodeRef  = require('./decode-ref')
+    , isSecurityRelease  = require('./is-security-release')
 
     , versionCachePath = path.join(process.env.HOME, '.dist-indexer-version-cache')
 
@@ -39,6 +40,7 @@ const fs         = require('fs')
         , `${githubContentUrl}/src/node.h`
       ]
     , ltsVersionUrl    = `${githubContentUrl}/src/node_version.h`
+    , isSecurityUrl    = 'https://github.com/nodejs/{repo}/commits/{gitref}.atom'
     , githubOptions    = { headers: {
           'accept': 'text/plain,application/vnd.github.v3.raw'
       } }
@@ -339,6 +341,23 @@ function fetchLtsVersion (gitref, callback) {
 }
 
 
+function fetchSecurity (gitref, callback) {
+  var security = cacheGet(gitref, 'security')
+
+  if (security || security === false)
+    return setImmediate(callback.bind(null, null, security))
+
+  fetch(isSecurityUrl, gitref, function (err, rawData) {
+    if (err)
+      return callback(err)
+
+    security = isSecurityRelease(rawData)
+    cachePut(gitref, 'security', security)
+    callback(null, security)
+  })
+}
+
+
 function dirDate (dir, callback) {
   fs.readdir(path.join(argv.dist, dir), function (err, files) {
     if (err)
@@ -392,6 +411,7 @@ function inspectDir (dir, callback) {
     , zlibVersion
     , modVersion
     , ltsVersion
+    , securityRelease
     , date
 
   if (!gitref) {
@@ -412,7 +432,7 @@ function inspectDir (dir, callback) {
 
     files = _files
 
-    var done = after(8, afterAll)
+    var done = after(9, afterAll)
 
     dirDate(dir, function (err, _date) {
       if (err)
@@ -484,6 +504,15 @@ function inspectDir (dir, callback) {
       ltsVersion = version
       done()
     })
+
+    fetchSecurity(gitref, function (err, security) {
+      if (err) {
+        console.error(err)
+        console.error('(ignoring error fetching security release for %s)', gitref)
+      }
+      securityRelease = security
+      done()
+    })
   })
 
   function afterAll (err) {
@@ -504,6 +533,7 @@ function inspectDir (dir, callback) {
       , openssl   : sslVersion
       , modules   : modVersion
       , lts       : ltsVersion
+      , security  : securityRelease
     })
   }
 }
@@ -533,7 +563,7 @@ function afterMap (err, dirs) {
   }
 
   jsonOut.write('[\n')
-  tabWrite('version', 'date', 'files', 'npm', 'v8', 'uv', 'zlib', 'openssl', 'modules', 'lts')
+  tabWrite('version', 'date', 'files', 'npm', 'v8', 'uv', 'zlib', 'openssl', 'modules', 'lts', 'security')
 
   dirs.forEach(function (dir, i) {
     jsonOut.write(JSON.stringify(dir) + (i != dirs.length - 1 ? ',\n' : '\n'))
@@ -548,6 +578,7 @@ function afterMap (err, dirs) {
       , dir.openssl
       , dir.modules
       , dir.lts
+      , dir.security
     )
   })
 

diff --git a/is-security-release.js b/is-security-release.js
@@ -0,0 +1,34 @@
+const notesre = /Version \d+\.\d+\.\d+.*\n(?!\w+<\/title>)\n(.*)\n/m
+    , securityre = /This is a security release\./
+
+
+function isSecurityRelease (notes) {
+  const m = notes.match(notesre)
+  if (m && securityre.test(m[1]))
+    return true
+
+  return false
+}
+
+
+module.exports = isSecurityRelease
+
+
+if (module === require.main) {
+  const assert = require('assert')
+  const fs = require('fs')
+  const path = require('path')
+  const fixturespath = path.join(__dirname, 'test', 'fixtures', 'release-notes')
+  const tests = [
+      { fixture: 'v10.14.0.atom', expected: true }
+    , { fixture: 'v10.14.1.atom', expected: false }
+    , { fixture: 'v11.3.0.atom' , expected: true }
+  ]
+
+  tests.forEach(function (test) {
+    console.log(`testing ${test.fixture} -> ${test.expected}`)
+    const fixture = path.join(fixturespath, test.fixture)
+    const notes = fs.readFileSync(fixture, { encoding: 'utf8' })
+    assert.equal(isSecurityRelease(notes), test.expected)
+  })
+}