github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
authorRebecca Turner <me@re-becca.org>2018-05-03 00:57:29 +0300
committerRebecca Turner <me@re-becca.org>2018-05-04 02:50:53 +0300
commit5e56b3209c4719e3c4d7f0d9346dfca3881a5d34 (patch)
tree33f56a371ce49ecf55e298e43069d986ae943bc1 /node_modules/npm-audit-report
parent7e679fdc862a7176c290b51db91b189f5c6a0c95 (diff)
npm-audit-report@1.0.8
Credit: @evilpacket
Diffstat (limited to 'node_modules/npm-audit-report')
-rw-r--r--node_modules/npm-audit-report/.travis.yml7
-rw-r--r--node_modules/npm-audit-report/README.md14
-rw-r--r--node_modules/npm-audit-report/appveyor.yml22
-rw-r--r--node_modules/npm-audit-report/index.js3
-rw-r--r--node_modules/npm-audit-report/lib/utils.js42
-rw-r--r--node_modules/npm-audit-report/node_modules/console-control-strings/LICENSE13
-rw-r--r--node_modules/npm-audit-report/node_modules/console-control-strings/README.md145
-rw-r--r--node_modules/npm-audit-report/node_modules/console-control-strings/index.js125
-rw-r--r--node_modules/npm-audit-report/node_modules/console-control-strings/package.json60
-rw-r--r--node_modules/npm-audit-report/package.json31
-rw-r--r--node_modules/npm-audit-report/reporters/detail.js50
-rw-r--r--node_modules/npm-audit-report/reporters/install.js22
-rw-r--r--node_modules/npm-audit-report/reporters/quiet.js18
13 files changed, 482 insertions, 70 deletions
diff --git a/node_modules/npm-audit-report/.travis.yml b/node_modules/npm-audit-report/.travis.yml
new file mode 100644
index 000000000..db5ea8b01
--- /dev/null
+++ b/node_modules/npm-audit-report/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "10"
+ - "9"
+ - "8"
+ - "6"
diff --git a/node_modules/npm-audit-report/README.md b/node_modules/npm-audit-report/README.md
index 3cc65cf8e..69a9c28e8 100644
--- a/node_modules/npm-audit-report/README.md
+++ b/node_modules/npm-audit-report/README.md
@@ -1,12 +1,15 @@
-
# npm audit security report
Given a response from the npm security api, render it into a variety of security reports
+[![Build Status](https://travis-ci.org/npm/npm-audit-report.svg?branch=master)](https://travis-ci.org/npm/npm-audit-report)
+[![Build status](https://ci.appveyor.com/api/projects/status/qictiokvxmqkiuvi/branch/master?svg=true)](https://ci.appveyor.com/project/evilpacket/npm-audit-report/branch/master)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-audit-report/badge.svg?branch=master)](https://coveralls.io/github/npm/npm-audit-report?branch=master)
+
The response is an object that contains an output string (the report) and a suggested exitCode.
```
{
- output: 'string that contains the security report',
+ report: 'string that contains the security report',
exit: 1
}
```
@@ -19,7 +22,7 @@ The response is an object that contains an output string (the report) and a sugg
const Report = require('npm-audit-report')
Report(response, options, (result) => {
- console.log(result.output)
+ console.log(result.report)
process.exitCode = result.exitCode
})
```
@@ -30,11 +33,6 @@ Report(response, options, (result) => {
reporter:
specify which output format you want to use (install, detail, json)
-severityThreshold:
- specifies the severity threshold for reporting. Possible values include info, low, moderate, high, critical
-
- example: If you specify high, then only vulnerabilities with high and critical would be displayed.
-
withColor:
true || false indicates if some report elements should use colors or not
diff --git a/node_modules/npm-audit-report/appveyor.yml b/node_modules/npm-audit-report/appveyor.yml
new file mode 100644
index 000000000..9cc64c58e
--- /dev/null
+++ b/node_modules/npm-audit-report/appveyor.yml
@@ -0,0 +1,22 @@
+environment:
+ matrix:
+ - nodejs_version: "10"
+ - nodejs_version: "9"
+ - nodejs_version: "8"
+ - nodejs_version: "6"
+
+platform:
+ - x64
+
+install:
+ - ps: Install-Product node $env:nodejs_version $env:platform
+ - npm config set spin false
+ - npm install
+
+test_script:
+ - npm test
+
+matrix:
+ fast_finish: true
+
+build: off
diff --git a/node_modules/npm-audit-report/index.js b/node_modules/npm-audit-report/index.js
index 57ca68bdf..2e0f21abb 100644
--- a/node_modules/npm-audit-report/index.js
+++ b/node_modules/npm-audit-report/index.js
@@ -3,7 +3,8 @@
const reporters = {
install: require('./reporters/install'),
detail: require('./reporters/detail'),
- json: require('./reporters/json')
+ json: require('./reporters/json'),
+ quiet: require('./reporters/quiet')
}
const report = function (data, options) {
diff --git a/node_modules/npm-audit-report/lib/utils.js b/node_modules/npm-audit-report/lib/utils.js
index cfa85255d..7ca192096 100644
--- a/node_modules/npm-audit-report/lib/utils.js
+++ b/node_modules/npm-audit-report/lib/utils.js
@@ -1,29 +1,35 @@
'use strict'
+exports.severityLabel = severityLabel
+exports.color = color
-const colors = require('ansicolors')
+const ccs = require('console-control-strings')
const severityColors = {
- critical: colors.magenta,
- high: colors.red,
- moderate: colors.yellow,
- low: function (str) { return str }
-}
-
-const severityLabel = function (sev, withColor) {
- if (withColor) {
- return severityColors[sev](sev)
+ critical: {
+ color: 'brightMagenta',
+ label: 'Critical'
+ },
+ high: {
+ color: 'brightRed',
+ label: 'High'
+ },
+ moderate: {
+ color: 'brightYellow',
+ label: 'Moderate'
+ },
+ low: {
+ color: 'bold',
+ label: 'Low'
}
- return sev
}
-const color = function (value, color, withColor) {
- if (withColor) {
- return colors[color](value)
+function color (value, colorName, withColor, bold = false) {
+ if (bold) {
+ return (colorName && withColor) ? ccs.color(colorName, 'bold') + value + ccs.color('reset') : value
}
- return value
+ return (colorName && withColor) ? ccs.color(colorName) + value + ccs.color('reset') : value
}
-module.exports = {
- severityLabel: severityLabel,
- color: color
+function severityLabel (sev, withColor, bold = false) {
+ return color(severityColors[sev].label, severityColors[sev].color, withColor, bold)
}
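Review bot: `severityLabel` now dereferences `severityColors[sev].label` unconditionally, so any severity key other than `critical`, `high`, `moderate` or `low` throws a TypeError, where the old code returned `sev` unchanged when `withColor` was false. The callers in reporters/detail.js (`footer`) and reporters/install.js pass keys taken straight from `metadata.vulnerabilities`, and the README text removed in this same commit listed `info` as a severity, so an `info` count above zero would presumably abort the report instead of printing it. A fallback such as `const entry = severityColors[sev] || { color: '', label: sev }` ahead of the `color(...)` call keeps unknown severities printable, since `color` already returns the bare value when `colorName` is empty.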
diff --git a/node_modules/npm-audit-report/node_modules/console-control-strings/LICENSE b/node_modules/npm-audit-report/node_modules/console-control-strings/LICENSE
new file mode 100644
index 000000000..e75605296
--- /dev/null
+++ b/node_modules/npm-audit-report/node_modules/console-control-strings/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2014, Rebecca Turner <me@re-becca.org>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/npm-audit-report/node_modules/console-control-strings/README.md b/node_modules/npm-audit-report/node_modules/console-control-strings/README.md
new file mode 100644
index 000000000..f58cc8d89
--- /dev/null
+++ b/node_modules/npm-audit-report/node_modules/console-control-strings/README.md
@@ -0,0 +1,145 @@
+# Console Control Strings
+
+A library of cross-platform tested terminal/console command strings for
+doing things like color and cursor positioning. This is a subset of both
+ansi and vt100. All control codes included work on both Windows & Unix-like
+OSes, except where noted.
+
+## Usage
+
+```js
+var consoleControl = require('console-control-strings')
+
+console.log(consoleControl.color('blue','bgRed', 'bold') + 'hi there' + consoleControl.color('reset'))
+process.stdout.write(consoleControl.goto(75, 10))
+```
+
+## Why Another?
+
+There are tons of libraries similar to this one. I wanted one that was:
+
+1. Very clear about compatibility goals.
+2. Could emit, for instance, a start color code without an end one.
+3. Returned strings w/o writing to streams.
+4. Was not weighed down with other unrelated baggage.
+
+## Functions
+
+### var code = consoleControl.up(_num = 1_)
+
+Returns the escape sequence to move _num_ lines up.
+
+### var code = consoleControl.down(_num = 1_)
+
+Returns the escape sequence to move _num_ lines down.
+
+### var code = consoleControl.forward(_num = 1_)
+
+Returns the escape sequence to move _num_ lines righ.
+
+### var code = consoleControl.back(_num = 1_)
+
+Returns the escape sequence to move _num_ lines left.
+
+### var code = consoleControl.nextLine(_num = 1_)
+
+Returns the escape sequence to move _num_ lines down and to the beginning of
+the line.
+
+### var code = consoleControl.previousLine(_num = 1_)
+
+Returns the escape sequence to move _num_ lines up and to the beginning of
+the line.
+
+### var code = consoleControl.eraseData()
+
+Returns the escape sequence to erase everything from the current cursor
+position to the bottom right of the screen. This is line based, so it
+erases the remainder of the current line and all following lines.
+
+### var code = consoleControl.eraseLine()
+
+Returns the escape sequence to erase to the end of the current line.
+
+### var code = consoleControl.goto(_x_, _y_)
+
+Returns the escape sequence to move the cursor to the designated position.
+Note that the origin is _1, 1_ not _0, 0_.
+
+### var code = consoleControl.gotoSOL()
+
+Returns the escape sequence to move the cursor to the beginning of the
+current line. (That is, it returns a carriage return, `\r`.)
+
+### var code = consoleControl.beep()
+
+Returns the escape sequence to cause the termianl to beep. (That is, it
+returns unicode character `\x0007`, a Control-G.)
+
+### var code = consoleControl.hideCursor()
+
+Returns the escape sequence to hide the cursor.
+
+### var code = consoleControl.showCursor()
+
+Returns the escape sequence to show the cursor.
+
+### var code = consoleControl.color(_colors = []_)
+
+### var code = consoleControl.color(_color1_, _color2_, _…_, _colorn_)
+
+Returns the escape sequence to set the current terminal display attributes
+(mostly colors). Arguments can either be a list of attributes or an array
+of attributes. The difference between passing in an array or list of colors
+and calling `.color` separately for each one, is that in the former case a
+single escape sequence will be produced where as in the latter each change
+will have its own distinct escape sequence. Each attribute can be one of:
+
+* Reset:
+ * **reset** – Reset all attributes to the terminal default.
+* Styles:
+ * **bold** – Display text as bold. In some terminals this means using a
+ bold font, in others this means changing the color. In some it means
+ both.
+ * **italic** – Display text as italic. This is not available in most Windows terminals.
+ * **underline** – Underline text. This is not available in most Windows Terminals.
+ * **inverse** – Invert the foreground and background colors.
+ * **stopBold** – Do not display text as bold.
+ * **stopItalic** – Do not display text as italic.
+ * **stopUnderline** – Do not underline text.
+ * **stopInverse** – Do not invert foreground and background.
+* Colors:
+ * **white**
+ * **black**
+ * **blue**
+ * **cyan**
+ * **green**
+ * **magenta**
+ * **red**
+ * **yellow**
+ * **grey** / **brightBlack**
+ * **brightRed**
+ * **brightGreen**
+ * **brightYellow**
+ * **brightBlue**
+ * **brightMagenta**
+ * **brightCyan**
+ * **brightWhite**
+* Background Colors:
+ * **bgWhite**
+ * **bgBlack**
+ * **bgBlue**
+ * **bgCyan**
+ * **bgGreen**
+ * **bgMagenta**
+ * **bgRed**
+ * **bgYellow**
+ * **bgGrey** / **bgBrightBlack**
+ * **bgBrightRed**
+ * **bgBrightGreen**
+ * **bgBrightYellow**
+ * **bgBrightBlue**
+ * **bgBrightMagenta**
+ * **bgBrightCyan**
+ * **bgBrightWhite**
+
diff --git a/node_modules/npm-audit-report/node_modules/console-control-strings/index.js b/node_modules/npm-audit-report/node_modules/console-control-strings/index.js
new file mode 100644
index 000000000..bf890348e
--- /dev/null
+++ b/node_modules/npm-audit-report/node_modules/console-control-strings/index.js
@@ -0,0 +1,125 @@
+'use strict'
+
+// These tables borrowed from `ansi`
+
+var prefix = '\x1b['
+
+exports.up = function up (num) {
+ return prefix + (num || '') + 'A'
+}
+
+exports.down = function down (num) {
+ return prefix + (num || '') + 'B'
+}
+
+exports.forward = function forward (num) {
+ return prefix + (num || '') + 'C'
+}
+
+exports.back = function back (num) {
+ return prefix + (num || '') + 'D'
+}
+
+exports.nextLine = function nextLine (num) {
+ return prefix + (num || '') + 'E'
+}
+
+exports.previousLine = function previousLine (num) {
+ return prefix + (num || '') + 'F'
+}
+
+exports.horizontalAbsolute = function horizontalAbsolute (num) {
+ if (num == null) throw new Error('horizontalAboslute requires a column to position to')
+ return prefix + num + 'G'
+}
+
+exports.eraseData = function eraseData () {
+ return prefix + 'J'
+}
+
+exports.eraseLine = function eraseLine () {
+ return prefix + 'K'
+}
+
+exports.goto = function (x, y) {
+ return prefix + y + ';' + x + 'H'
+}
+
+exports.gotoSOL = function () {
+ return '\r'
+}
+
+exports.beep = function () {
+ return '\x07'
+}
+
+exports.hideCursor = function hideCursor () {
+ return prefix + '?25l'
+}
+
+exports.showCursor = function showCursor () {
+ return prefix + '?25h'
+}
+
+var colors = {
+ reset: 0,
+// styles
+ bold: 1,
+ italic: 3,
+ underline: 4,
+ inverse: 7,
+// resets
+ stopBold: 22,
+ stopItalic: 23,
+ stopUnderline: 24,
+ stopInverse: 27,
+// colors
+ white: 37,
+ black: 30,
+ blue: 34,
+ cyan: 36,
+ green: 32,
+ magenta: 35,
+ red: 31,
+ yellow: 33,
+ bgWhite: 47,
+ bgBlack: 40,
+ bgBlue: 44,
+ bgCyan: 46,
+ bgGreen: 42,
+ bgMagenta: 45,
+ bgRed: 41,
+ bgYellow: 43,
+
+ grey: 90,
+ brightBlack: 90,
+ brightRed: 91,
+ brightGreen: 92,
+ brightYellow: 93,
+ brightBlue: 94,
+ brightMagenta: 95,
+ brightCyan: 96,
+ brightWhite: 97,
+
+ bgGrey: 100,
+ bgBrightBlack: 100,
+ bgBrightRed: 101,
+ bgBrightGreen: 102,
+ bgBrightYellow: 103,
+ bgBrightBlue: 104,
+ bgBrightMagenta: 105,
+ bgBrightCyan: 106,
+ bgBrightWhite: 107
+}
+
+exports.color = function color (colorWith) {
+ if (arguments.length !== 1 || !Array.isArray(colorWith)) {
+ colorWith = Array.prototype.slice.call(arguments)
+ }
+ return prefix + colorWith.map(colorNameToCode).join(';') + 'm'
+}
+
+function colorNameToCode (color) {
+ if (colors[color] != null) return colors[color]
+ throw new Error('Unknown color or style name: ' + color)
+}
diff --git a/node_modules/npm-audit-report/node_modules/console-control-strings/package.json b/node_modules/npm-audit-report/node_modules/console-control-strings/package.json
new file mode 100644
index 000000000..6946923d9
--- /dev/null
+++ b/node_modules/npm-audit-report/node_modules/console-control-strings/package.json
@@ -0,0 +1,60 @@
+{
+ "_from": "console-control-strings@^1.1.0",
+ "_id": "console-control-strings@1.1.0",
+ "_inBundle": false,
+ "_integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=",
+ "_location": "/npm-audit-report/console-control-strings",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "console-control-strings@^1.1.0",
+ "name": "console-control-strings",
+ "escapedName": "console-control-strings",
+ "rawSpec": "^1.1.0",
+ "saveSpec": null,
+ "fetchSpec": "^1.1.0"
+ },
+ "_requiredBy": [
+ "/npm-audit-report"
+ ],
+ "_resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
+ "_shasum": "3d7cf4464db6446ea644bf4b39507f9851008e8e",
+ "_spec": "console-control-strings@^1.1.0",
+ "_where": "/Users/rebecca/code/npm/node_modules/npm-audit-report",
+ "author": {
+ "name": "Rebecca Turner",
+ "email": "me@re-becca.org",
+ "url": "http://re-becca.org/"
+ },
+ "bugs": {
+ "url": "https://github.com/iarna/console-control-strings/issues"
+ },
+ "bundleDependencies": false,
+ "deprecated": false,
+ "description": "A library of cross-platform tested terminal/console command strings for doing things like color and cursor positioning. This is a subset of both ansi and vt100. All control codes included work on both Windows & Unix-like OSes, except where noted.",
+ "devDependencies": {
+ "standard": "^7.1.2",
+ "tap": "^5.7.2"
+ },
+ "directories": {
+ "test": "test"
+ },
+ "files": [
+ "LICENSE",
+ "index.js"
+ ],
+ "homepage": "https://github.com/iarna/console-control-strings#readme",
+ "keywords": [],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "console-control-strings",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/iarna/console-control-strings.git"
+ },
+ "scripts": {
+ "test": "standard && tap test/*.js"
+ },
+ "version": "1.1.0"
+}
diff --git a/node_modules/npm-audit-report/package.json b/node_modules/npm-audit-report/package.json
index 35794647d..39c8aeb87 100644
--- a/node_modules/npm-audit-report/package.json
+++ b/node_modules/npm-audit-report/package.json
@@ -1,8 +1,8 @@
{
"_from": "npm-audit-report@latest",
- "_id": "npm-audit-report@1.0.5",
+ "_id": "npm-audit-report@1.0.8",
"_inBundle": false,
- "_integrity": "sha512-xOnLCYj1wk6W5AxwPaHbvChrnVo2KYLEEZMoP3tvuK1fE13NhJa1TVxWj4Tl35+hjC6rQgaEKBWsSatbf2BXLQ==",
+ "_integrity": "sha512-Vs6cUx07vYAirjmmpf4wuofnMrOJtwFsUGxcBpEi+i7qqS8/5OF7i7wcaCbA4/OcG7vGsVPOh3KSWnDb+eWuHA==",
"_location": "/npm-audit-report",
"_phantomChildren": {},
"_requested": {
@@ -19,26 +19,33 @@
"#USER",
"/"
],
- "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.0.5.tgz",
- "_shasum": "f16fa7c61459dd660913509685193148ce2cd85f",
+ "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.0.8.tgz",
+ "_shasum": "de947e4aa70c5cf56fe7880699f7e62f06960908",
"_spec": "npm-audit-report@latest",
"_where": "/Users/rebecca/code/npm",
"author": {
"name": "Adam Baldwin"
},
+ "bugs": {
+ "url": "https://github.com/npm/npm-audit-report/issues"
+ },
"bundleDependencies": false,
"dependencies": {
- "ansicolors": "^0.3.2",
- "ansistyles": "^0.1.3",
- "cli-table2": "^0.2.0"
+ "cli-table2": "^0.2.0",
+ "console-control-strings": "^1.1.0"
},
"deprecated": false,
"description": "Given a response from the npm security api, render it into a variety of security reports",
"devDependencies": {
"keyfob": "^1.0.0",
- "standard": "^11.0.0",
- "tap": "^11.1.1"
+ "standard": "^11.0.1",
+ "tap": "^11.1.4"
+ },
+ "directories": {
+ "lib": "lib",
+ "test": "test"
},
+ "homepage": "https://github.com/npm/npm-audit-report#readme",
"keywords": [
"npm",
"security",
@@ -48,10 +55,14 @@
"license": "ISC",
"main": "index.js",
"name": "npm-audit-report",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/npm-audit-report.git"
+ },
"scripts": {
"lint": "standard",
"lint:fix": "standard --fix",
"test": "tap --100 test/*-test.js"
},
- "version": "1.0.5"
+ "version": "1.0.8"
}
diff --git a/node_modules/npm-audit-report/reporters/detail.js b/node_modules/npm-audit-report/reporters/detail.js
index 41e0ab6a7..42930376a 100644
--- a/node_modules/npm-audit-report/reporters/detail.js
+++ b/node_modules/npm-audit-report/reporters/detail.js
@@ -37,13 +37,17 @@ const report = function (data, options) {
const footer = function (metadata) {
let total = 0
-
- const severities = Object.entries(metadata.vulnerabilities).filter((value) => {
- total = total + value[1]
- if (value[1] > 0) {
- return true
+ const sev = []
+
+ const keys = Object.keys(metadata.vulnerabilities)
+ for (let key of keys) {
+ const value = metadata.vulnerabilities[key]
+ total = total + value
+ if (value > 0) {
+ sev.push([key, value])
}
- }).map((value) => {
+ }
+ const severities = sev.map((value) => {
return `${value[1]} ${Utils.severityLabel(value[0], false)}`
}).join(' | ')
@@ -51,10 +55,10 @@ const report = function (data, options) {
exit = 1
}
if (total === 0) {
- log(`${Utils.color('[+]', 'green', config.withColor)} no known vulnerabilities found`)
+ log(`${Utils.color('[+]', 'brightGreen', config.withColor)} no known vulnerabilities found`)
log(` Packages audited: ${data.metadata.totalDependencies} (${data.metadata.devDependencies} dev, ${data.metadata.optionalDependencies} optional)`)
} else {
- log(`\n${Utils.color('[!]', 'red', config.withColor)} ${total} ${total === 1 ? 'vulnerability' : 'vulnerabilities'} found - Packages audited: ${data.metadata.totalDependencies} (${data.metadata.devDependencies} dev, ${data.metadata.optionalDependencies} optional)`)
+ log(`\n${Utils.color('[!]', 'brightRed', config.withColor)} ${total} ${total === 1 ? 'vulnerability' : 'vulnerabilities'} found - Packages audited: ${data.metadata.totalDependencies} (${data.metadata.devDependencies} dev, ${data.metadata.optionalDependencies} optional)`)
log(` Severity: ${severities}`)
}
}
@@ -74,13 +78,9 @@ const report = function (data, options) {
}
const actions = function (data, config) {
- const date = new Date()
reportTitle()
- if (Object.keys(data.advisories).length === 0) {
- //log(`${Utils.color('[+]', 'green', config.withColor)} no known vulnerabilities found [${data.metadata.totalDependencies} packages audited]`)
- return
- } else {
+ if (Object.keys(data.advisories).length !== 0) {
// vulns found display a report.
let reviewFlag = false
@@ -89,7 +89,7 @@ const report = function (data, options) {
if (action.action === 'update' || action.action === 'install') {
const recommendation = getRecommendation(action, config)
const label = action.resolves.length === 1 ? 'vulnerability' : 'vulnerabilities'
- log(`\n\n# Run \`${recommendation.cmd}\` to resolve ${action.resolves.length} ${label}`)
+ log(`# Run ${Utils.color(' ' + recommendation.cmd + ' ', 'inverse', config.withColor)} to resolve ${action.resolves.length} ${label}`)
if (recommendation.isBreaking) {
log(`SEMVER WARNING: Recommended action is a potentially breaking change`)
}
@@ -106,14 +106,14 @@ const report = function (data, options) {
const table = new Table(tableOptions)
table.push(
- {[Utils.severityLabel(advisory.severity)]: advisory.title},
+ {[Utils.severityLabel(advisory.severity, config.withColor, true)]: Utils.color(advisory.title, 'bold', config.withColor)},
{'Package': advisory.module_name},
{'Dependency of': `${resolution.path.split('>')[0]} ${resolution.dev ? '[dev]' : ''}`},
- {'Path': `${resolution.path.split('>').join(' > ')}`},
+ {'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`},
{'More info': `https://nodesecurity.io/advisories/${advisory.id}`}
)
- log(table.toString())
+ log(table.toString() + '\n\n')
})
}
if (action.action === 'review') {
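Review bot: `advisory.title`, `advisory.module_name` and `resolution.path` are taken from the audit response and written to the terminal as-is, now interleaved with the escape sequences that `Utils.color` emits. If any of that text can be influenced by a third party (advisories describe other people's packages), control characters embedded in it would be interpreted by the terminal alongside the intended styling. Consider one helper applied to every response field before display, e.g. `String(s).replace(/[\x00-\x1f\x7f-\x9f]/g, '')`. The same applies to `recommendation.cmd` in the hunk at `@@ -89,7 +89,7 @@` and to the second table at `@@ -145,15 +145,17 @@`. The enclosing `actions` function starts and ends outside this hunk.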
@@ -130,7 +130,7 @@ const report = function (data, options) {
vAlign: 'center',
hAlign: 'center'
}])
- log('\n\n')
+
log(table.toString())
}
reviewFlag = true
@@ -145,15 +145,17 @@ const report = function (data, options) {
tableOptions.chars = blankChars
}
const table = new Table(tableOptions)
+ const patchedIn = advisory.patched_versions.replace(' ', '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions
table.push(
- {[Utils.severityLabel(advisory.severity, config.withColor)]: advisory.title},
+ {[Utils.severityLabel(advisory.severity, config.withColor, true)]: Utils.color(advisory.title, 'bold', config.withColor)},
{'Package': advisory.module_name},
+ {'Patched in': patchedIn},
{'Dependency of': `${resolution.path.split('>')[0]} ${resolution.dev ? '[dev]' : ''}`},
- {'Path': `${resolution.path.split('>').join(' > ')}`},
+ {'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`},
{'More info': `https://nodesecurity.io/advisories/${advisory.id}`}
)
- log(table.toString())
+ log(table.toString())
})
}
})
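Review bot: `advisory.patched_versions.replace(' ', '')` removes only the first space, because a string pattern passed to `replace` matches once, so a sentinel written with more than one space would not compare equal to `'<0.0.0'` and would be shown as if it were a real patched range. The expression also throws when `patched_versions` is absent from the advisory. `const patchedIn = String(advisory.patched_versions || '').replace(/\s+/g, '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions` handles both cases. The surrounding `forEach` callback begins outside this hunk.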
@@ -170,10 +172,11 @@ const report = function (data, options) {
}
const getRecommendation = function (action, config) {
-
if (action.action === 'install') {
+ const isDev = action.resolves[0].dev
+
return {
- cmd: `npm install ${action.module}@${action.target}`,
+ cmd: `npm install ${isDev ? '--dev ' : ''}${action.module}@${action.target}`,
isBreaking: action.isMajor
}
} else {
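Review bot: The `--dev ` flag inserted into the suggested command is, as far as I know, not the flag that records a package under devDependencies; that is `--save-dev`, so a user who pastes the printed command for a dev-only advisory would likely end up with the fix saved as a regular dependency. `isDev` is also read from `action.resolves[0]` alone, which throws when `resolves` is empty and ignores later entries that may not be dev. Suggested: `const isDev = action.resolves.length > 0 && action.resolves.every((r) => r.dev)` and `'--save-dev '` in place of `'--dev '`. The else branch of `getRecommendation` continues outside the hunk.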
@@ -182,7 +185,6 @@ const getRecommendation = function (action, config) {
isBreaking: false
}
}
-
}
module.exports = report
diff --git a/node_modules/npm-audit-report/reporters/install.js b/node_modules/npm-audit-report/reporters/install.js
index d0b5bcf81..b3c411155 100644
--- a/node_modules/npm-audit-report/reporters/install.js
+++ b/node_modules/npm-audit-report/reporters/install.js
@@ -16,24 +16,28 @@ const report = function (data, options) {
}
if (Object.keys(data.advisories).length === 0) {
- log(`${Utils.color('[+]', 'green', config.withColor)} no known vulnerabilities found [${data.metadata.totalDependencies} packages audited]`)
+ log(`${Utils.color('[+]', 'brightGreen', config.withColor)} no known vulnerabilities found [${data.metadata.totalDependencies} packages audited]`)
return {
report: output,
exitCode: 0
}
} else {
let total = 0
-
- const severities = Object.entries(data.metadata.vulnerabilities).filter((value) => {
- total = total + value[1]
- if (value[1] > 0) {
- return true
+ const sev = []
+
+ const keys = Object.keys(data.metadata.vulnerabilities)
+ for (let key of keys) {
+ const value = data.metadata.vulnerabilities[key]
+ total = total + value
+ if (value > 0) {
+ sev.push([key, value])
}
- }).map((value) => {
- return `${value[1]} ${Utils.severityLabel(value[0], config.withColor)}`
+ }
+ const severities = sev.map((value) => {
+ return `${value[1]} ${Utils.severityLabel(value[0], false)}`
}).join(' | ')
- log(`${Utils.color('[!]', 'red', config.withColor)} ${total} ${total === 1 ? 'vulnerability' : 'vulnerabilities'} found [${data.metadata.totalDependencies} packages audited]`)
+ log(`${Utils.color('[!]', 'brightRed', config.withColor)} ${total} ${total === 1 ? 'vulnerability' : 'vulnerabilities'} found [${data.metadata.totalDependencies} packages audited]`)
log(` Severity: ${severities}`)
log(` Run \`npm audit\` for more detail`)
return {
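Review bot: The tally loop over `data.metadata.vulnerabilities` is now written out three times in this commit (here, in `footer` in reporters/detail.js and in reporters/quiet.js), and each copy feeds the printed total or the exit code that callers presumably gate on. One shared helper in lib/utils.js would keep those copies from drifting. The loop also adds whatever the response holds without checking that it is a number, so a string count would turn `total` into a concatenated string; `total = total + (Number(value) || 0)` avoids that. `key` is never reassigned and can be declared `const`. The `return {` that closes the hunk continues outside it.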
diff --git a/node_modules/npm-audit-report/reporters/quiet.js b/node_modules/npm-audit-report/reporters/quiet.js
new file mode 100644
index 000000000..3a5fd5eb9
--- /dev/null
+++ b/node_modules/npm-audit-report/reporters/quiet.js
@@ -0,0 +1,18 @@
+'use strict'
+
+const report = function (data, options) {
+ let total = 0
+
+ const keys = Object.keys(data.metadata.vulnerabilities)
+ for (let key of keys) {
+ const value = data.metadata.vulnerabilities[key]
+ total = total + value
+ }
+
+ return {
+ report: '',
+ exitCode: total === 0 ? 0 : 1
+ }
+}
+
+module.exports = report
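Review bot: The new reporter has no comment stating its contract, and since its only output is the exit code, that contract deserves a line above `report`: `// quiet reporter: prints nothing; exitCode is 1 when any count in metadata.vulnerabilities is non-zero, else 0`. `options` is accepted but never read, which is worth saying in the same comment if it is kept for signature parity with the other reporters. The README hunk in this commit still lists the reporter values as `install, detail, json`, so `quiet` is undocumented there as well.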