fix(arborist): do not audit in offline mode (#4410)

2 files changed, 19 insertions, 1 deletions

diff --git a/workspaces/arborist/lib/audit-report.js b/workspaces/arborist/lib/audit-report.js
index 53fc5b17a..b7d8249b1 100644
--- a/workspaces/arborist/lib/audit-report.js
+++ b/workspaces/arborist/lib/audit-report.js
@@ -304,7 +304,7 @@ class AuditReport extends Map {
 
   async [_getReport] () {
     // if we're not auditing, just return false
-    if (this.options.audit === false || this.tree.inventory.size === 1) {
+    if (this.options.audit === false || this.options.offline === true || this.tree.inventory.size === 1) {
       return null
     }
 
diff --git a/workspaces/arborist/test/audit-report.js b/workspaces/arborist/test/audit-report.js
index 062300b02..16ea7e13b 100644
--- a/workspaces/arborist/test/audit-report.js
+++ b/workspaces/arborist/test/audit-report.js
@@ -260,6 +260,24 @@ t.test('audit disabled by config', async t => {
   t.equal(report.error, null, 'no error encountered')
 })
 
+t.test('audit disabled by offline mode', async t => {
+  const path = resolve(fixtures, 'audit-nyc-mkdirp')
+
+  const logs = []
+  const onlog = (...msg) => logs.push(msg)
+  process.on('log', onlog)
+  t.teardown(() => process.removeListener('log', onlog))
+
+  const arb = newArb(path, { offline: true })
+
+  const tree = await arb.loadVirtual()
+  const report = await AuditReport.load(tree, arb.options)
+  t.equal(report.report, null, 'did not get audit response')
+  t.equal(report.size, 0, 'did not find any vulnerabilities')
+  t.match(logs, [], 'no logs of error')
+  t.equal(report.error, null, 'no error encountered')
+})
+
 t.test('one vulnerability', async t => {
   const path = resolve(fixtures, 'audit-one-vuln')
   const auditFile = resolve(path, 'audit.json')