Remove babel from nodejs-scan analyzer
A few reminders:
- Our nodejs-scan analyzer only relies on the rules provided by the upstream project NodeJsScan.
- The logic has been completely re-implemented in Go
- We didn't want to use the tool itself because of a lot of dependencies
- We introduced Babel to avoid reporting vulnerabilities that would be in comments.
It turned out Babel is a big dependency, and generated a lot of extra work and woes. We recently updated to Babel 7 to fix some of the issues we had, and introduced others at the same time. It's time to reconsider this choice, and evaluate the real need for such a big piece of software to maintain.
If we're only talking about ignoring comments, why don't we just update the scanFile func to ignore lines starting with //, and all lines between the ones starting with /* and ending with */? We don't even need a RegExp for that, strings.HasPrefix (/Suffix) is enough for this job.
This change is pretty straightforward and would make the analyzer a lot lighter (no more javascript or babel required), therefore easier to maintain.
/cc @fcatteau in case I missed something obvious. /cc @twoodham
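A sketch of the line-based comment filter proposed above, as an added example that is not the analyzer's actual code: `StripCommentLines`, `Line` and the sample input are hypothetical names and constructed data, and only `strings.HasPrefix`/`strings.HasSuffix` are used to decide what the rule matcher would see.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Line is a source line that survived comment filtering (hypothetical type).
type Line struct {
	Num  int
	Text string
}

// Constructed sample: only line 6 contains code a rule should be matched on.
const sample = `// eval(req.query.code) in a line comment
/* block comment start
eval(req.body.x)
end of block */
/* one-line block */
var a = eval(req.query.code); // trailing comment stays
`

// StripCommentLines drops lines starting with "//" and every line from one
// starting with "/*" through one ending with "*/", keeping line numbers.
func StripCommentLines(src string) []Line {
	var out []Line
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		t := strings.TrimSpace(sc.Text())
		switch {
		case inBlock:
			inBlock = !strings.HasSuffix(t, "*/")
		case strings.HasPrefix(t, "//"):
			// line comment: nothing to scan
		case strings.HasPrefix(t, "/*"):
			// "/* x */" closes on the same line; "/*/" (len 3) does not
			inBlock = !(len(t) >= 4 && strings.HasSuffix(t, "*/"))
		default:
			out = append(out, Line{Num: n, Text: sc.Text()})
		}
	}
	return out
}

func main() {
	for _, l := range StripCommentLines(sample) {
		fmt.Printf("%d: %s\n", l.Num, l.Text)
	}
}
```

Because the filter works on whole lines, code sharing a line with a closing `*/` is skipped, and a `/*` that opens after code on a line is not tracked, so the lines that follow it are still scanned.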