

 * properly track which vuln was printed to remove duplicates
wraithgar authored and lukekarrys committed Mar 28, 2022
1 parent c33b533 commit 6a4c8ff
Showing 8 changed files with 54 additions and 39 deletions.
2 changes: 1 addition & 1 deletion node_modules/npm-audit-report/lib/colors.js
Expand Up @@ -19,6 +19,6 @@ module.exports = color => {
magenta,
yellow,
white,
severity
severity,
}
}
2 changes: 1 addition & 1 deletion node_modules/npm-audit-report/lib/exit-code.js
Expand Up @@ -5,7 +5,7 @@ const severities = new Map(Object.entries([
'moderate',
'high',
'critical',
'none'
'none',
]).map(s => s.reverse()))

module.exports = (data, level) =>
12 changes: 7 additions & 5 deletions node_modules/npm-audit-report/lib/index.js
Expand Up @@ -4,7 +4,7 @@ const reporters = {
install: require('./reporters/install'),
detail: require('./reporters/detail'),
json: require('./reporters/json'),
quiet: require('./reporters/quiet')
quiet: require('./reporters/quiet'),
}

const exitCode = require('./exit-code.js')
Expand All @@ -20,20 +20,22 @@ module.exports = Object.assign((data, options = {}) => {
// CLI defaults this to `null` so the defaulting method above doesn't work
const auditLevel = options.auditLevel || 'low'

if (!data)
if (!data) {
throw Object.assign(
new TypeError('ENOAUDITDATA'),
{
code: 'ENOAUDITDATA',
message: 'missing audit data'
message: 'missing audit data',
}
)
}

if (typeof data.toJSON === 'function')
if (typeof data.toJSON === 'function') {
data = data.toJSON()
}

return {
report: reporters[reporter](data, { color, unicode, indent }),
exitCode: exitCode(data, auditLevel)
exitCode: exitCode(data, auditLevel),
}
}, { reporters })
22 changes: 12 additions & 10 deletions node_modules/npm-audit-report/lib/reporters/detail.js
Expand Up @@ -6,28 +6,30 @@ const install = require('./install.js')
module.exports = (data, { color }) => {
const summary = install.summary(data, { color })
const none = data.metadata.vulnerabilities.total === 0
return none ? summary : fullReport(data, {color, summary})
return none ? summary : fullReport(data, { color, summary })
}

const fullReport = (data, { color, summary }) => {
const c = colors(color)
const output = [c.white('# npm audit report'), '']

const printed = new Set()
for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
for (const [, vuln] of Object.entries(data.vulnerabilities)) {
// only print starting from the top-level advisories
if (vuln.via.filter(v => typeof v !== 'string').length !== 0)
output.push(printVuln(vuln, c, data.vulnerabilities))
if (vuln.via.filter(v => typeof v !== 'string').length !== 0) {
output.push(printVuln(vuln, c, data.vulnerabilities, printed))
}
}

output.push(summary)

return output.join('\n')
}

const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') => {
if (printed.has(vuln))
const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
if (printed.has(vuln)) {
return null
}

printed.add(vuln)
const output = []
Expand Down Expand Up @@ -59,7 +61,7 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') =
`${c.yellow('fix available')} via \`npm audit fix --force\``,
`Will install ${fa.name}@${fa.version}` +
`, which is ${fa.isSemVerMajor ? 'a breaking change' :
'outside the stated dependency range' }`
'outside the stated dependency range'}`
)
}
}
Expand All @@ -70,10 +72,10 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') =
}

for (const effect of vuln.effects) {
const vuln = vulnerabilities[effect]
const e = printVuln(vuln, c, vulnerabilities, printed, ' ')
if (e)
const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, ' ')
if (e) {
output.push(...e.split('\n'))
}
}

if (indent === '') {
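Review bot: In fullReport the result of printVuln is still pushed unconditionally (`output.push(printVuln(vuln, c, data.vulnerabilities, printed))`), yet printVuln now returns null as soon as the vuln is in the shared printed set; a top-level vuln that was already emitted as an effect of an earlier one therefore pushes null, which output.join('\n') renders as a stray empty line in the report. The effects loop lower in the same file already guards the return value, so the top-level loop should do the same: `const text = printVuln(vuln, c, data.vulnerabilities, printed)` followed by `if (text) output.push(text)`. Whether a top-level advisory can in practice be reached first through another vuln's effects depends on the iteration order of data.vulnerabilities, which this hunk does not show. The body of printVuln continues outside the hunks shown.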
10 changes: 5 additions & 5 deletions node_modules/npm-audit-report/lib/reporters/install.js
Expand Up @@ -3,7 +3,7 @@ const colors = require('../colors.js')
const calculate = (data, { color }) => {
const c = colors(color)
const output = []
const { metadata: { vulnerabilities }} = data
const { metadata: { vulnerabilities } } = data
const vulnCount = vulnerabilities.total

let someFixable = false
Expand All @@ -14,7 +14,7 @@ const calculate = (data, { color }) => {
if (vulnCount === 0) {
output.push(`found ${c.green('0')} vulnerabilities`)
} else {
for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
for (const [, vuln] of Object.entries(data.vulnerabilities)) {
const { fixAvailable } = vuln
someFixable = someFixable || fixAvailable === true
someUnfixable = someUnfixable || fixAvailable === false
Expand Down Expand Up @@ -45,7 +45,7 @@ const calculate = (data, { color }) => {
if (someFixable) {
output.push('', 'To address ' +
(someForceFixable || someUnfixable ? 'issues that do not require attention'
: 'all issues') + ', run:\n npm audit fix')
: 'all issues') + ', run:\n npm audit fix')
}

if (someForceFixable) {
Expand All @@ -66,10 +66,10 @@ const calculate = (data, { color }) => {
return {
summary,
report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
: summary
: summary,
}
}

module.exports = Object.assign((data, opt) => calculate(data, opt).report, {
summary: (data, opt) => calculate(data, opt).summary
summary: (data, opt) => calculate(data, opt).summary,
})
27 changes: 19 additions & 8 deletions node_modules/npm-audit-report/package.json
@@ -1,14 +1,19 @@
{
"name": "npm-audit-report",
"version": "2.1.5",
"version": "3.0.0",
"description": "Given a response from the npm security api, render it into a variety of security reports",
"main": "lib/index.js",
"scripts": {
"test": "tap",
"snap": "tap",
"preversion": "npm test",
"postversion": "npm publish",
"prepublishOnly": "git push origin --follow-tags"
"prepublishOnly": "git push origin --follow-tags",
"lint": "eslint \"**/*.js\"",
"postlint": "template-oss-check",
"template-oss-apply": "template-oss-apply --force",
"lintfix": "npm run lint -- --fix",
"posttest": "npm run lint"
},
"tap": {
"check-coverage": true,
Expand All @@ -20,33 +25,39 @@
"report",
"audit"
],
"author": "Adam Baldwin",
"author": "GitHub Inc.",
"license": "ISC",
"dependencies": {
"chalk": "^4.0.0"
},
"devDependencies": {
"@npmcli/eslint-config": "^3.0.1",
"@npmcli/template-oss": "3.1.2",
"require-inject": "^1.4.4",
"tap": "^14.10.7"
"tap": "^16.0.0"
},
"directories": {
"lib": "lib",
"test": "test"
},
"repository": {
"type": "git",
"url": "git+https://github.com/npm/npm-audit-report.git"
"url": "https://github.com/npm/npm-audit-report.git"
},
"bugs": {
"url": "https://github.com/npm/npm-audit-report/issues"
},
"homepage": "https://github.com/npm/npm-audit-report#readme",
"files": [
"index.js",
"lib",
"bin/",
"lib/",
"reporters"
],
"engines": {
"node": ">=10"
"node": "^12.13.0 || ^14.15.0 || >=16.0.0"
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "3.1.2"
}
}
16 changes: 8 additions & 8 deletions package-lock.json
Expand Up @@ -132,7 +132,7 @@
"ms": "^2.1.2",
"node-gyp": "^9.0.0",
"nopt": "^5.0.0",
"npm-audit-report": "^2.1.5",
"npm-audit-report": "^3.0.0",
"npm-install-checks": "^4.0.0",
"npm-package-arg": "^9.0.1",
"npm-pick-manifest": "^7.0.0",
Expand Down Expand Up @@ -5325,15 +5325,15 @@
}
},
"node_modules/npm-audit-report": {
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz",
"integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz",
"integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==",
"inBundle": true,
"dependencies": {
"chalk": "^4.0.0"
},
"engines": {
"node": ">=10"
"node": "^12.13.0 || ^14.15.0 || >=16.0.0"
}
},
"node_modules/npm-bundled": {
Expand Down Expand Up @@ -14812,9 +14812,9 @@
"dev": true
},
"npm-audit-report": {
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz",
"integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz",
"integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==",
"requires": {
"chalk": "^4.0.0"
}
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -99,7 +99,7 @@
"ms": "^2.1.2",
"node-gyp": "^9.0.0",
"nopt": "^5.0.0",
"npm-audit-report": "^2.1.5",
"npm-audit-report": "^3.0.0",
"npm-install-checks": "^4.0.0",
"npm-package-arg": "^9.0.1",
"npm-pick-manifest": "^7.0.0",
