diff --git a/bin/nsp b/bin/nsp index c918988..dd71b96 100755 --- a/bin/nsp +++ b/bin/nsp @@ -18,7 +18,7 @@ 'use strict'; -var subcommand = require('subcommand'); +var Subcommand = require('subcommand'); var usage = require('../lib/utils/usage.js')('root.txt'); var config = { @@ -34,5 +34,5 @@ var config = { } }; -var route = subcommand(config); +var route = Subcommand(config); route(process.argv.slice(2)); diff --git a/contributing.md b/contributing.md new file mode 100644 index 0000000..918f69c --- /dev/null +++ b/contributing.md @@ -0,0 +1,19 @@ +# Contributing + +When making a pull request for this repo, please make sure of a few things + +- tests and linting should pass for you locally. We have CI tests that also enforce this. +- rebuild the shrinkwrap file if you're changing any dependencies. + +## Rebuilding the shrinkwrap + +Because of the differences beween npm versions 2 and 3, you will want to use npm 2. A shrinkwrap built under npm 2 will also work under npm 3. A shrinkwrap built under npm 3 will *not* work under npm 2. + +The simplest way to build a new shrinkwrap is to start with an empty node_modules. Once you've done that and have made sure you're using npm 2: + +```sh +$ npm install +$ npm run shrinkwrap +``` + +Note that it is `npm run shrinkwrap` not `npm shrinkwrap`. This is because we have a shrinkwrap script that not only runs the shrinkwrap itself but also runs `shrinkydink`, a post-processor that cleans out some unneeded info we don't want. diff --git a/lib/check.js b/lib/check.js index 32325cb..4cfdaf6 100644 --- a/lib/check.js +++ b/lib/check.js 
@@ -7,9 +7,17 @@ var ProxyAgent = require('https-proxy-agent'); var Semver = require('semver'); var Path = require('path'); var Wreck = require('wreck'); -var pathIsAbsolute = require('path-is-absolute'); - -var Conf = require('rc')('nsp', { api: { baseUrl: 'https://api.nodesecurity.io', json: true } }, []); +var PathIsAbsolute = require('path-is-absolute'); + +var Conf = require('rc')('nsp', { + api: { + baseUrl: 'https://api.nodesecurity.io', + json: true, + headers: { + 'X-NSP-VERSION': require('../package.json').version + } + } +}, []); var internals = {}; internals.findLines = function (shrinkwrap, module, version) { @@ -60,6 +68,7 @@ module.exports = function (options, callback) { } options.proxy = options.proxy || Conf.proxy; + options.proxy = options.proxy || process.env.https_proxy || process.env.HTTPS_PROXY; if (options.proxy) { Conf.api.agent = new ProxyAgent(options.proxy); delete options.proxy; @@ -115,7 +124,7 @@ module.exports = function (options, callback) { } try { if (advisoriesPath) { - if (!pathIsAbsolute(advisoriesPath)) { + if (!PathIsAbsolute(advisoriesPath)) { advisoriesPath = Path.resolve(process.cwd(), advisoriesPath); } diff --git a/lib/formatters/default.js b/lib/formatters/default.js index 7f9d46d..4bf7a6f 100644 --- a/lib/formatters/default.js +++ b/lib/formatters/default.js @@ -9,7 +9,7 @@ module.exports = function (err, data) { if (err) { if (data) { - returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(data) + '\n'; + returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n'; } return returnString + Chalk.yellow('(+) ') + err; diff --git a/lib/formatters/json.js b/lib/formatters/json.js index fd52b99..7920f18 100644 --- a/lib/formatters/json.js +++ b/lib/formatters/json.js 
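Review bot: The added fallback `options.proxy = options.proxy || process.env.https_proxy || process.env.HTTPS_PROXY;` (lib/check.js, hunk at -60,6 +68,7) routes the `/check` request through whatever proxy the environment names, with no `no_proxy`/`NO_PROXY` exemption and nothing telling the user a proxy was picked up implicitly. Judging by the test hunks, that request carries the project's package and shrinkwrap data, so the precedence deserves a comment on this line, for example `// Proxy precedence: options.proxy, then rc config, then https_proxy / HTTPS_PROXY from the environment`. The environment value is also passed straight to `new ProxyAgent(options.proxy)`; whether a malformed value fails cleanly cannot be seen from here, because the enclosing function starts and ends outside the hunk.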
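Review bot: The expression `JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data)` is pasted identically into lib/formatters/default.js here and into the json.js and summary.js hunks that follow, so the three copies can drift apart. A small shared helper under lib/utils (name to be chosen by the project) would keep the Buffer handling in one place. The debug body is also printed at whatever length the upstream API or an intermediate proxy returned, so that helper would be the natural place to truncate it. The formatter function continues outside the hunk.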
@@ -3,7 +3,7 @@ module.exports = function (err, data) { if (err) { - return 'Debug output: ' + JSON.stringify(data) + '\n' + JSON.stringify(err); + return 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n' + JSON.stringify(err); } return JSON.stringify(data, null, 2); diff --git a/lib/formatters/summary.js b/lib/formatters/summary.js index a6a68c5..b835a0d 100644 --- a/lib/formatters/summary.js +++ b/lib/formatters/summary.js @@ -9,7 +9,7 @@ module.exports = function (err, data) { if (err) { if (data) { - returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(data) + '\n'; + returnString += Chalk.red('(+) ') + 'Debug output: ' + JSON.stringify(Buffer.isBuffer(data) ? data.toString() : data) + '\n'; } return returnString + Chalk.yellow('(+) ') + err; diff --git a/lib/utils/usage.js b/lib/utils/usage.js index 27b8753..44bebaa 100644 --- a/lib/utils/usage.js +++ b/lib/utils/usage.js @@ -1,11 +1,11 @@ 'use strict'; -var fs = require('fs'); -var path = require('path'); +var Fs = require('fs'); +var Path = require('path'); var usage = function (location) { - console.error(fs.readFileSync(path.join(__dirname, '../../', 'usage', location)).toString()); + console.error(Fs.readFileSync(Path.join(__dirname, '../../', 'usage', location)).toString()); }; module.exports = function (location) { diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 1e0d1c0..539ae92 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -1,17 +1,12 @@ { "name": "nsp", - "version": "2.2.2", + "version": "2.3.0", "dependencies": { "chalk": { - "version": "1.1.1", + "version": "1.1.3", "dependencies": { "ansi-styles": { - "version": "2.2.1", - "dependencies": { - "color-convert": { - "version": "1.0.0" - } - } + "version": "2.2.1" }, "escape-string-regexp": { "version": "1.0.5" 
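Review bot: On the error path the json formatter (lib/formatters/json.js) still returns text that is not JSON: the `'Debug output: '` prefix followed by a second newline-joined document will break any consumer that parses this formatter's output, exactly when the check fails. `JSON.stringify(err)` also serialises a plain `Error` as `{}` because `message` and `stack` are not enumerable, so the failure reason is probably lost. If callers can accept a changed shape, return one object instead, e.g. `return JSON.stringify({ error: err.message || String(err), debug: Buffer.isBuffer(data) ? data.toString() : data }, null, 2);`. The function's closing lines are outside the hunk.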
@@ -87,7 +82,7 @@ } }, "nodesecurity-npm-utils": { - "version": "3.2.0", + "version": "4.0.1", "dependencies": { "silent-npm-registry-client": { "version": "2.0.0", @@ -108,13 +103,13 @@ "version": "0.0.6" }, "readable-stream": { - "version": "2.0.5", + "version": "2.0.6", "dependencies": { "core-util-is": { "version": "1.0.2" }, "isarray": { - "version": "0.0.1" + "version": "1.0.0" }, "process-nextick-args": { "version": "1.0.6" @@ -206,7 +201,7 @@ "version": "1.3.2", "dependencies": { "lru-cache": { - "version": "4.0.0", + "version": "4.0.1", "dependencies": { "pseudomap": { "version": "1.0.2" @@ -222,7 +217,7 @@ "version": "1.0.3", "dependencies": { "readable-stream": { - "version": "2.0.5", + "version": "2.0.6", "dependencies": { "core-util-is": { "version": "1.0.2" @@ -231,7 +226,7 @@ "version": "2.0.1" }, "isarray": { - "version": "0.0.1" + "version": "1.0.0" }, "process-nextick-args": { "version": "1.0.6" @@ -264,7 +259,7 @@ "version": "0.6.1" }, "form-data": { - "version": "1.0.0-rc3", + "version": "1.0.0-rc4", "dependencies": { "async": { "version": "1.5.2" @@ -366,7 +361,7 @@ "version": "0.1.0" }, "tweetnacl": { - "version": "0.14.1" + "version": "0.14.3" }, "jodid25519": { "version": "1.0.2" @@ -408,7 +403,7 @@ "version": "0.0.5" }, "tough-cookie": { - "version": "2.2.1" + "version": "2.2.2" }, "tunnel-agent": { "version": "0.4.2" @@ -459,19 +454,19 @@ "version": "1.1.6" }, "npmlog": { - "version": "2.0.2", + "version": "2.0.3", "dependencies": { "ansi": { "version": "0.3.1" }, "are-we-there-yet": { - "version": "1.0.6", + "version": "1.1.2", "dependencies": { "delegates": { "version": "1.0.0" }, "readable-stream": { - "version": "2.0.5", + "version": "2.0.6", "dependencies": { "core-util-is": { "version": "1.0.2" @@ -480,7 +475,7 @@ "version": "2.0.1" }, "isarray": { - "version": "0.0.1" + "version": "1.0.0" }, "process-nextick-args": { "version": "1.0.6" diff --git a/package.json b/package.json index 38cb3d1..d7f204e 100644 --- a/package.json 
+++ b/package.json @@ -1,7 +1,7 @@ { "name": "nsp", "description": "The Node Security (nodesecurity.io) command line interface", - "version": "2.2.2", + "version": "2.3.0", "author": "^lift security", "bin": { "nsp": "bin/nsp" @@ -11,7 +11,7 @@ "cli-table": "^0.3.1", "https-proxy-agent": "^1.0.0", "joi": "^6.9.1", - "nodesecurity-npm-utils": "^3.2.0", + "nodesecurity-npm-utils": "^4.0.1", "path-is-absolute": "^1.0.0", "rc": "^1.1.2", "semver": "^5.0.3", @@ -20,12 +20,12 @@ }, "devDependencies": { "code": "^1.5.0", - "eslint": "^1.8.0", - "eslint-config-nodesecurity": "^1.1.0", - "eslint-plugin-hapi": "^2.0.0", + "eslint": "^2.5.3", + "eslint-config-nodesecurity": "^1.3.1", + "eslint-plugin-hapi": "^1.2.2", "git-validate": "^2.1.0", - "lab": "^6.1.0", - "nock": "^2.15.0", + "lab": "^6.2.0", + "nock": "^7.7.2", "shrinkydink": "^1.0.0" }, "keywords": [ diff --git a/test/unit.js b/test/unit.js index aee432d..c79e722 100644 --- a/test/unit.js +++ b/test/unit.js @@ -5,6 +5,7 @@ var Lab = require('lab'); var Nock = require('nock'); var Path = require('path'); var Check = require('../lib/check.js'); +var Pkg = require('../package.json'); var lab = exports.lab = Lab.script(); var describe = lab.describe; @@ -16,7 +17,7 @@ var workingOptions = { shrinkwrap: Path.resolve(__dirname, './data/npm-shrinkwrap.json') }; -var findings = require('./data/findings.json'); +var Findings = require('./data/findings.json'); var exceptions = ['https://nodesecurity.io/advisories/39', 'https://nodesecurity.io/advisories/9000']; @@ -98,12 +99,12 @@ describe('check', function () { Nock('https://api.nodesecurity.io') .post('/check') - .reply(200, findings); + .reply(200, Findings); Check(workingOptions, function (err, results) { expect(err).to.not.exist(); - expect(results).to.deep.include(findings); + expect(results).to.deep.include(Findings); done(); }); }); 
@@ -112,12 +113,12 @@ describe('check', function () { Nock('https://api.nodesecurity.io') .post('/check') - .reply(200, findings); + .reply(200, Findings); Check({ package: require(workingOptions.package), shrinkwrap: require(workingOptions.shrinkwrap) }, function (err, results) { expect(err).to.not.exist(); - expect(results).to.deep.include(findings); + expect(results).to.deep.include(Findings); done(); }); }); @@ -150,7 +151,7 @@ describe('check', function () { shrinkwrap: require(workingOptions.shrinkwrap), exceptions: exceptions })) - .reply(200, findings); + .reply(200, Findings); Check(options, function (err, results) { @@ -211,7 +212,7 @@ describe('check', function () { }); }); - it('Uses proxy', function (done) { + it('Uses proxy from nsprc', function (done) { var options = { package: workingOptions.package, @@ -228,4 +229,42 @@ describe('check', function () { done(); }); }); + + it('Uses proxy from env vars', function (done) { + + process.env.https_proxy = process.env.HTTPS_PROXY = 'http://127.0.0.1:8080'; + + var options = { + package: workingOptions.package, + shrinkwrap: workingOptions.shrinkwrap + }; + + Nock('http://127.0.0.1:8080') + .post('/check') + .reply(200); + + Check(options, function (err, results) { + + done(); + }); + }); + + it('Includes X-NSP-VERSION in headers', function (done) { + + Nock('https://api.nodesecurity.io', { + reqheaders: { + 'X-NSP-VERSION': Pkg.version + } + }) + .post('/check') + .reply(200, Findings); + + Check(workingOptions, function (err, results) { + + expect(err).to.not.exist(); + done(); + }); + }); + + });
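Review bot: The new 'Uses proxy from env vars' test sets `process.env.https_proxy` and `process.env.HTTPS_PROXY` and never restores them, so the proxy setting leaks into every later test in the process, including 'Includes X-NSP-VERSION in headers' directly below it. Its callback also calls `done()` without asserting anything, so it passes whether or not the request went through the proxy. Keep the Nock scope in a variable and end the callback with `delete process.env.https_proxy; delete process.env.HTTPS_PROXY;` plus an assertion such as `expect(scope.isDone()).to.equal(true);`. It is also worth confirming that an HTTPS request tunnelled through the proxy agent really matches a `.post('/check')` interceptor on `http://127.0.0.1:8080`; that cannot be determined from the hunk alone.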