Merge branch 'master' of github.com:nodesecurity/nsp

bin/nsp

@@ -18,7 +18,7 @@
 
 'use strict';
 
-var subcommand = require('subcommand');
+var Subcommand = require('subcommand');
 var usage = require('../lib/utils/usage.js')('root.txt');
 
 var config = {
@@ -34,5 +34,5 @@ var config = {
   }
 };
 
-var route = subcommand(config);
+var route = Subcommand(config);
 route(process.argv.slice(2));

contributing.md

@@ -0,0 +1,19 @@
+# Contributing
+
+When making a pull request for this repo, please make sure of a few things
+
+- tests and linting should pass for you locally. We have CI tests that also enforce this.
+- rebuild the shrinkwrap file if you're changing any dependencies.
+
+## Rebuilding the shrinkwrap
+
+Because of the differences beween npm versions 2 and 3, you will want to use npm 2.  A shrinkwrap built under npm 2 will also work under npm 3.  A shrinkwrap built under npm 3 will *not* work under npm 2.
+
+The simplest way to build a new shrinkwrap is to start with an empty node_modules.  Once you've done that and have made sure you're using npm 2:
+
+```sh
+$ npm install
+$ npm run shrinkwrap
+```
+
+Note that it is `npm run shrinkwrap` not `npm shrinkwrap`.  This is because we have a shrinkwrap script that not only runs the shrinkwrap itself but also runs `shrinkydink`, a post-processor that cleans out some unneeded info we don't want.

lib/check.js

@@ -7,9 +7,17 @@ var ProxyAgent = require('https-proxy-agent');
 var Semver = require('semver');
 var Path = require('path');
 var Wreck = require('wreck');
-var pathIsAbsolute = require('path-is-absolute');
-
-var Conf = require('rc')('nsp', { api: { baseUrl: 'https://api.nodesecurity.io', json: true } }, []);
+var PathIsAbsolute = require('path-is-absolute');
+
+var Conf = require('rc')('nsp', {
+  api: {
+    baseUrl: 'https://api.nodesecurity.io',
+    json: true,
+    headers: {
+      'X-NSP-VERSION': require('../package.json').version
+    }
+  }
+}, []);
 
 var internals = {};
 internals.findLines = function (shrinkwrap, module, version) {
@@ -60,6 +68,7 @@ module.exports = function (options, callback) {
   }
 
   options.proxy = options.proxy || Conf.proxy;
+  options.proxy = options.proxy || process.env.https_proxy || process.env.HTTPS_PROXY;
   if (options.proxy) {
     Conf.api.agent = new ProxyAgent(options.proxy);
     delete options.proxy;
@@ -115,7 +124,7 @@ module.exports = function (options, callback) {
     }
     try {
       if (advisoriesPath) {
-        if (!pathIsAbsolute(advisoriesPath)) {
+        if (!PathIsAbsolute(advisoriesPath)) {
           advisoriesPath = Path.resolve(process.cwd(), advisoriesPath);
         }
 

lib/formatters/default.js

@@ -9,7 +9,7 @@ module.exports = function (err, data) {
 
   if (err) {
     if (data) {
-      returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(data) + '\n';
+      returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n';
     }
 
     return returnString + Chalk.yellow('(+) ') + err;

lib/formatters/json.js

@@ -3,7 +3,7 @@
 module.exports = function (err, data) {
 
   if (err) {
-    return 'Debug output: ' + JSON.stringify(data) + '\n' + JSON.stringify(err);
+    return 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n' + JSON.stringify(err);
   }
 
   return JSON.stringify(data, null, 2);

lib/formatters/summary.js

@@ -9,7 +9,7 @@ module.exports = function (err, data) {
 
   if (err) {
     if (data) {
-      returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(data) + '\n';
+      returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n';
     }
 
     return returnString + Chalk.yellow('(+) ') + err;

lib/utils/usage.js

@@ -1,11 +1,11 @@
 'use strict';
 
-var fs = require('fs');
-var path = require('path');
+var Fs = require('fs');
+var Path = require('path');
 
 var usage = function (location) {
 
-  console.error(fs.readFileSync(path.join(__dirname, '../../', 'usage', location)).toString());
+  console.error(Fs.readFileSync(Path.join(__dirname, '../../', 'usage', location)).toString());
 };
 
 module.exports = function (location) {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "nsp",
   "description": "The Node Security (nodesecurity.io) command line interface",
-  "version": "2.2.2",
+  "version": "2.3.0",
   "author": "^lift security",
   "bin": {
     "nsp": "bin/nsp"
@@ -11,7 +11,7 @@
     "cli-table": "^0.3.1",
     "https-proxy-agent": "^1.0.0",
     "joi": "^6.9.1",
-    "nodesecurity-npm-utils": "^3.2.0",
+    "nodesecurity-npm-utils": "^4.0.1",
     "path-is-absolute": "^1.0.0",
     "rc": "^1.1.2",
     "semver": "^5.0.3",
@@ -20,12 +20,12 @@
   },
   "devDependencies": {
     "code": "^1.5.0",
-    "eslint": "^1.8.0",
-    "eslint-config-nodesecurity": "^1.1.0",
-    "eslint-plugin-hapi": "^2.0.0",
+    "eslint": "^2.5.3",
+    "eslint-config-nodesecurity": "^1.3.1",
+    "eslint-plugin-hapi": "^1.2.2",
     "git-validate": "^2.1.0",
-    "lab": "^6.1.0",
-    "nock": "^2.15.0",
+    "lab": "^6.2.0",
+    "nock": "^7.7.2",
     "shrinkydink": "^1.0.0"
   },
   "keywords": [

test/unit.js

@@ -5,6 +5,7 @@ var Lab = require('lab');
 var Nock = require('nock');
 var Path = require('path');
 var Check = require('../lib/check.js');
+var Pkg = require('../package.json');
 
 var lab = exports.lab = Lab.script();
 var describe = lab.describe;
@@ -16,7 +17,7 @@ var workingOptions = {
   shrinkwrap: Path.resolve(__dirname, './data/npm-shrinkwrap.json')
 };
 
-var findings = require('./data/findings.json');
+var Findings = require('./data/findings.json');
 
 var exceptions = ['https://nodesecurity.io/advisories/39', 'https://nodesecurity.io/advisories/9000'];
 
@@ -98,12 +99,12 @@ describe('check', function () {
 
     Nock('https://api.nodesecurity.io')
       .post('/check')
-      .reply(200, findings);
+      .reply(200, Findings);
 
     Check(workingOptions, function (err, results) {
 
       expect(err).to.not.exist();
-      expect(results).to.deep.include(findings);
+      expect(results).to.deep.include(Findings);
       done();
     });
   });
@@ -112,12 +113,12 @@ describe('check', function () {
 
     Nock('https://api.nodesecurity.io')
       .post('/check')
-      .reply(200, findings);
+      .reply(200, Findings);
 
     Check({ package: require(workingOptions.package), shrinkwrap: require(workingOptions.shrinkwrap) }, function (err, results) {
 
       expect(err).to.not.exist();
-      expect(results).to.deep.include(findings);
+      expect(results).to.deep.include(Findings);
       done();
     });
   });
@@ -150,7 +151,7 @@ describe('check', function () {
         shrinkwrap: require(workingOptions.shrinkwrap),
         exceptions: exceptions
       }))
-      .reply(200, findings);
+      .reply(200, Findings);
 
     Check(options, function (err, results) {
 
@@ -211,7 +212,7 @@ describe('check', function () {
     });
   });
 
-  it('Uses proxy', function (done) {
+  it('Uses proxy from nsprc', function (done) {
 
     var options = {
       package: workingOptions.package,
@@ -228,4 +229,42 @@ describe('check', function () {
       done();
     });
   });
+
+  it('Uses proxy from env vars', function (done) {
+
+    process.env.https_proxy = process.env.HTTPS_PROXY = 'http://127.0.0.1:8080';
+
+    var options = {
+      package: workingOptions.package,
+      shrinkwrap: workingOptions.shrinkwrap
+    };
+
+    Nock('http://127.0.0.1:8080')
+      .post('/check')
+      .reply(200);
+
+    Check(options, function (err, results) {
+
+      done();
+    });
+  });
+
+  it('Includes X-NSP-VERSION in headers', function (done) {
+
+    Nock('https://api.nodesecurity.io', {
+      reqheaders: {
+        'X-NSP-VERSION': Pkg.version
+      }
+    })
+      .post('/check')
+      .reply(200, Findings);
+
+    Check(workingOptions, function (err, results) {
+
+      expect(err).to.not.exist();
+      done();
+    });
+  });
+
+
 });