JS: Extend getABulkExportedNode and use it in PackageExports

javascript/ql/lib/semmle/javascript/AMD.qll

@@ -313,6 +313,19 @@ class AmdModule extends Module {
       name = pwn.getPropertyName()
     )
   }
+
+  override DataFlow::Node getABulkExportedNode() {
+    // Assigned to `module.exports` via the factory's `module` parameter
+    exists(AbstractModuleObject m, DataFlow::PropWrite write |
+      m.getModule() = this and
+      write.getPropertyName() = "exports" and
+      write.getBase().analyze().getAValue() = m and
+      result = write.getRhs()
+    )
+    or
+    // Returned from factory function
+    result = getDefine().getModuleExpr().flow()
+  }
 }
 
 /**

javascript/ql/lib/semmle/javascript/Closure.qll

@@ -177,6 +177,10 @@ module Closure {
         )
       )
     }
+
+    override DataFlow::Node getABulkExportedNode() {
+      result = getExportsVariable().getAnAssignedExpr().flow()
+    }
   }
 
   /**

javascript/ql/lib/semmle/javascript/PackageExports.qll

@@ -171,4 +171,6 @@ private DataFlow::Node getAnExportFromModule(Module mod) {
   result.analyze().getAValue() = mod.(AmdModule).getDefine().getAModuleExportsValue()
   or
   result = mod.getAnExportedValue(_)
+  or
+  result = mod.getABulkExportedNode()
 }