
github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
authorLuis Lobo Borobia <luislobo@gmail.com>2018-07-11 01:39:12 +0300
committerKat Marchán <kzm@zkat.tech>2018-07-11 01:42:34 +0300
commit244b18380ee55950b13c293722771130dbad70de (patch)
tree44ed68c9749aea6bdd6e4cb424038d9c11e675cc
parent738178315fe48e463028657ea7ae541c3d63d171 (diff)
audit: add support for --parseable output (#20554)
PR-URL: https://github.com/npm/npm/pull/20554 Credit: @luislobo Reviewed-By: @zkat Reviewed-By: @iarna
-rw-r--r--doc/cli/npm-audit.md14
-rw-r--r--lib/audit.js12
-rw-r--r--lib/install/audit.js10
3 files changed, 31 insertions, 5 deletions
diff --git a/doc/cli/npm-audit.md b/doc/cli/npm-audit.md
index 3bb13259d..4c6d71741 100644
--- a/doc/cli/npm-audit.md
+++ b/doc/cli/npm-audit.md
@@ -3,7 +3,7 @@ npm-audit(1) -- Run a security audit
## SYNOPSIS
- npm audit [--json]
+ npm audit [--json|--parseable]
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
## EXAMPLES
@@ -48,6 +48,18 @@ Get the detailed audit report in JSON format:
$ npm audit --json
```
+Get the detailed audit report in plain text result, separated by tab characters, allowing for
+future reuse in scripting or command line post processing, like for example, selecting
+some of the columns printed:
+```
+$ npm audit --parseable
+```
+
+To parse columns, you can use for example `awk`, and just print some of them:
+```
+$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
+```
+
## DESCRIPTION
The audit command submits a description of the dependencies configured in
diff --git a/lib/audit.js b/lib/audit.js
index e34a50eef..231b65d7b 100644
--- a/lib/audit.js
+++ b/lib/audit.js
@@ -104,7 +104,7 @@ function maybeReadFile (name) {
}
})
.catch({code: 'ENOENT'}, () => null)
- .catch(ex => {
+ .catch((ex) => {
ex.file = file
throw ex
})
@@ -156,7 +156,7 @@ function auditCmd (args, cb) {
(pkgJson && pkgJson.dependencies) || {},
(pkgJson && pkgJson.devDependencies) || {}
)
- return lockVerify(npm.prefix).then(result => {
+ return lockVerify(npm.prefix).then((result) => {
if (result.status) return audit.generate(sw, requires)
const lockFile = shrinkwrap ? 'npm-shrinkwrap.json' : 'package-lock.json'
@@ -167,7 +167,7 @@ function auditCmd (args, cb) {
})
}).then((auditReport) => {
return audit.submitForFullReport(auditReport)
- }).catch(err => {
+ }).catch((err) => {
if (err.statusCode === 404 || err.statusCode >= 500) {
const ne = new Error(`Your configured registry (${npm.config.get('registry')}) does not support audit requests.`)
ne.code = 'ENOAUDIT'
@@ -262,7 +262,11 @@ function auditCmd (args, cb) {
auditResult.metadata.vulnerabilities.high +
auditResult.metadata.vulnerabilities.critical
if (vulns > 0) process.exitCode = 1
- return audit.printFullReport(auditResult)
+ if (npm.config.get('parseable')) {
+ return audit.printParseableReport(auditResult)
+ } else {
+ return audit.printFullReport(auditResult)
+ }
}
}).asCallback(cb)
}
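Review bot: The added `if (npm.config.get('parseable'))` branch does not show what happens when `--json` and `--parseable` are both set, although the documentation in this commit presents them as alternatives (`[--json|--parseable]`). auditCmd starts outside this hunk, so the JSON check may well sit earlier; if it does, a comment such as `// --json is handled above and takes precedence over --parseable` would make the ordering explicit for anyone gating CI on this output. As a style point, the `else` after `return` is redundant: `const print = npm.config.get('parseable') ? audit.printParseableReport : audit.printFullReport` followed by `return print(auditResult)` reads flatter.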
diff --git a/lib/install/audit.js b/lib/install/audit.js
index 4be59ca7c..23a60beb3 100644
--- a/lib/install/audit.js
+++ b/lib/install/audit.js
@@ -4,6 +4,7 @@ exports.generateFromInstall = generateFromInstall
exports.submitForInstallReport = submitForInstallReport
exports.submitForFullReport = submitForFullReport
exports.printInstallReport = printInstallReport
+exports.printParseableReport = printParseableReport
exports.printFullReport = printFullReport
const Bluebird = require('bluebird')
@@ -112,6 +113,15 @@ function printFullReport (auditResult) {
}).then(result => output(result.report))
}
+function printParseableReport (auditResult) {
+ return auditReport(auditResult, {
+ log: output,
+ reporter: 'parseable',
+ withColor: npm.color,
+ withUnicode: npm.config.get('unicode')
+ }).then(result => output(result.report))
+}
+
function generate (shrinkwrap, requires, diffs, install, remove) {
const sw = cloneDeep(shrinkwrap)
delete sw.lockfileVersion
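Review bot: printParseableReport passes `withColor: npm.color` and `withUnicode: npm.config.get('unicode')` to the `parseable` reporter, which is meant for machine consumption; if that reporter honours them, ANSI escapes or Unicode glyphs would end up inside the tab-separated columns. Passing `withColor: false` and `withUnicode: false` here would keep the output stable regardless of terminal settings. It is also worth confirming that the reporter (not visible in this commit) strips tabs and newlines from registry-supplied advisory text, since a field containing a tab would shift the columns that scripts like the documented `awk -F $'\t'` example select. The function otherwise duplicates printFullReport except for the `reporter` value, so a shared helper taking the reporter name would keep the two from drifting apart.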