
github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
authorKat Marchán <kzm@zkat.tech>2018-07-11 01:03:07 +0300
committerKat Marchán <kzm@zkat.tech>2018-07-11 01:03:07 +0300
commit90c759fee6055cf61cf6709432a5e6eae6278096 (patch)
treef22fb57c1b4176d457658baef5e5338f02bee33e /node_modules/npm-audit-report
parent8dc6d76408f83ba35bda77a2ac1bdbde01937349 (diff)
npm-audit-report@1.3.1
Diffstat (limited to 'node_modules/npm-audit-report')
-rw-r--r--node_modules/npm-audit-report/CHANGELOG.md22
-rw-r--r--node_modules/npm-audit-report/README.md21
-rw-r--r--node_modules/npm-audit-report/index.js3
-rw-r--r--node_modules/npm-audit-report/lib/utils.js25
-rw-r--r--node_modules/npm-audit-report/package.json34
-rw-r--r--node_modules/npm-audit-report/reporters/detail.js15
-rw-r--r--node_modules/npm-audit-report/reporters/install.js13
-rw-r--r--node_modules/npm-audit-report/reporters/parseable.js96
-rw-r--r--node_modules/npm-audit-report/reporters/quiet.js12
9 files changed, 178 insertions, 63 deletions
diff --git a/node_modules/npm-audit-report/CHANGELOG.md b/node_modules/npm-audit-report/CHANGELOG.md
index 428659ba0..4cf6a1acd 100644
--- a/node_modules/npm-audit-report/CHANGELOG.md
+++ b/node_modules/npm-audit-report/CHANGELOG.md
@@ -2,6 +2,28 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+<a name="1.3.1"></a>
+## [1.3.1](https://github.com/npm/npm-audit-report/compare/v1.3.0...v1.3.1) (2018-07-10)
+
+
+
+<a name="1.3.0"></a>
+# [1.3.0](https://github.com/npm/npm-audit-report/compare/v1.2.1...v1.3.0) (2018-07-09)
+
+
+### Bug Fixes
+
+* **deps:** remove object.values dependency ([2c5374a](https://github.com/npm/npm-audit-report/commit/2c5374a))
+* **detail:** Fix info-level severity ([#18](https://github.com/npm/npm-audit-report/issues/18)) ([807db5a](https://github.com/npm/npm-audit-report/commit/807db5a))
+* **tests:** a test should not cause side-effects in other tests ([#23](https://github.com/npm/npm-audit-report/issues/23)) ([a94449f](https://github.com/npm/npm-audit-report/commit/a94449f))
+
+
+### Features
+
+* **output:** add `parseable` tabular output format support ([#21](https://github.com/npm/npm-audit-report/issues/21)) ([1c9aaf4](https://github.com/npm/npm-audit-report/commit/1c9aaf4))
+
+
+
<a name="1.2.1"></a>
## [1.2.1](https://github.com/npm/npm-audit-report/compare/v1.2.0...v1.2.1) (2018-05-17)
diff --git a/node_modules/npm-audit-report/README.md b/node_modules/npm-audit-report/README.md
index 69a9c28e8..1d1697f4f 100644
--- a/node_modules/npm-audit-report/README.md
+++ b/node_modules/npm-audit-report/README.md
@@ -20,6 +20,9 @@ The response is an object that contains an output string (the report) and a sugg
```
'use strict'
const Report = require('npm-audit-report')
+const options = {
+ reporter: 'json'
+}
Report(response, options, (result) => {
console.log(result.report)
@@ -30,16 +33,8 @@ Report(response, options, (result) => {
## options
-reporter:
- specify which output format you want to use (install, detail, json)
-
-withColor:
- true || false indicates if some report elements should use colors or not
-
-withUnicode:
- true || false indicates if unicode characters should be used or not.
-
-
-
-
-
+| option | values | default | description |
+| :--- | :--- | :--- |:--- |
+| reporter     | `install`, `detail`, `json`, `quiet` | `install` | specify which output format you want to use |
+| withColor     | `true`, `false`   | `true`   | indicates if some report elements should use colors |
+| withUnicode   | `true`, `false`                  | `true` | indicates if unicode characters should be used| \ No newline at end of file
diff --git a/node_modules/npm-audit-report/index.js b/node_modules/npm-audit-report/index.js
index 2e0f21abb..4f9f5d677 100644
--- a/node_modules/npm-audit-report/index.js
+++ b/node_modules/npm-audit-report/index.js
@@ -2,6 +2,7 @@
const reporters = {
install: require('./reporters/install'),
+ parseable: require('./reporters/parseable'),
detail: require('./reporters/detail'),
json: require('./reporters/json'),
quiet: require('./reporters/quiet')
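Review bot: The `parseable` reporter registered here is missing from the README options table updated in this same commit, which still lists the reporter values as `install`, `detail`, `json`, `quiet`. Add `parseable` to that row so the documented values match the map. A one-line comment above the map would also help, for example `// keys are the accepted values of options.reporter`.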
@@ -15,7 +16,7 @@ const report = function (data, options) {
}
const config = Object.assign({}, defaults, options)
- return new Promise((resolve, reject) => {
+ return new Promise((resolve) => {
const result = reporters[config.reporter](data, config)
return resolve(result)
})
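Review bot: `reporters[config.reporter]` is still called without checking that the name is one of the map's own keys. An unknown `options.reporter` therefore surfaces as an opaque `TypeError` rejection, and a name such as `toString` resolves to an inherited `Object.prototype` function rather than a reporter. An explicit guard before the Promise would make the failure clear: `if (!Object.prototype.hasOwnProperty.call(reporters, config.reporter)) return Promise.reject(new Error('Unknown reporter: ' + config.reporter))`. The body of `report` starts outside this hunk, so an earlier check may already exist there.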
diff --git a/node_modules/npm-audit-report/lib/utils.js b/node_modules/npm-audit-report/lib/utils.js
index 069ebac8a..3b521a5f3 100644
--- a/node_modules/npm-audit-report/lib/utils.js
+++ b/node_modules/npm-audit-report/lib/utils.js
@@ -2,6 +2,8 @@
exports.severityLabel = severityLabel
exports.color = color
+exports.totalVulnCount = totalVulnCount
+exports.severities = severities
const ccs = require('console-control-strings')
@@ -21,6 +23,10 @@ const severityColors = {
low: {
color: 'bold',
label: 'Low'
+ },
+ info: {
+ color: '',
+ label: 'Info'
}
}
@@ -29,7 +35,26 @@ function color (value, colorName, withColor) {
}
function severityLabel (sev, withColor, bold) {
+ if (!(sev in severityColors)) return sev.charAt(0).toUpperCase() + sev.substr(1).toLowerCase()
let colorName = severityColors[sev].color
if (bold) colorName = [colorName, 'bold']
return color(severityColors[sev].label, colorName, withColor)
}
+
+function totalVulnCount (vulns) {
+ return Object.keys(vulns).reduce((accumulator, key) => {
+ const vulnCount = vulns[key]
+ accumulator += vulnCount
+
+ return accumulator
+ }, 0)
+}
+
+function severities (vulns) {
+ return Object.keys(vulns).reduce((accumulator, severity) => {
+ const vulnCount = vulns[severity]
+ if (vulnCount > 0) accumulator.push([severity, vulnCount])
+
+ return accumulator
+ }, [])
+}
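Review bot: The new guard in `severityLabel` uses `sev in severityColors`, which also matches inherited keys. A severity string such as `constructor` passes the check, and the following lines read `.color` and `.label` from a non-entry instead of taking the fallback. `sev` presumably originates in the audit response, so an own-property test is the safer check: `if (!Object.prototype.hasOwnProperty.call(severityColors, sev)) return …`. Separately, `totalVulnCount` adds the values without checking that they are numbers, so a string count in the metadata would turn the total into a concatenated string; `accumulator += Number(vulnCount) || 0` would keep it numeric.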
diff --git a/node_modules/npm-audit-report/package.json b/node_modules/npm-audit-report/package.json
index 7ed0b6a7c..0f76601e2 100644
--- a/node_modules/npm-audit-report/package.json
+++ b/node_modules/npm-audit-report/package.json
@@ -1,42 +1,40 @@
{
- "_args": [
- [
- "npm-audit-report@1.2.1",
- "/Users/rebecca/code/npm"
- ]
- ],
- "_from": "npm-audit-report@1.2.1",
- "_id": "npm-audit-report@1.2.1",
+ "_from": "npm-audit-report@^1.2.1",
+ "_id": "npm-audit-report@1.3.1",
"_inBundle": false,
- "_integrity": "sha512-1eh6z0FivYQkLIU5xYcal8ssiGAgn0817u56EcF751HJD0m1PbAxurM/mc9WmAm3vhNZGkExleU/55VN/WRjFw==",
+ "_integrity": "sha512-SjTF8ZP4rOu3JiFrTMi4M1CmVo2tni2sP4TzhyCMHwnMGf6XkdGLZKt9cdZ12esKf0mbQqFyU9LtY0SoeahL7g==",
"_location": "/npm-audit-report",
"_phantomChildren": {},
"_requested": {
- "type": "version",
+ "type": "range",
"registry": true,
- "raw": "npm-audit-report@1.2.1",
+ "raw": "npm-audit-report@^1.2.1",
"name": "npm-audit-report",
"escapedName": "npm-audit-report",
- "rawSpec": "1.2.1",
+ "rawSpec": "^1.2.1",
"saveSpec": null,
- "fetchSpec": "1.2.1"
+ "fetchSpec": "^1.2.1"
},
"_requiredBy": [
+ "#USER",
"/"
],
- "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.2.1.tgz",
- "_spec": "1.2.1",
- "_where": "/Users/rebecca/code/npm",
+ "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.3.1.tgz",
+ "_shasum": "e79ea1fcb5ffaf3031102b389d5222c2b0459632",
+ "_spec": "npm-audit-report@^1.2.1",
+ "_where": "/Users/zkat/Documents/code/work/npm",
"author": {
"name": "Adam Baldwin"
},
"bugs": {
"url": "https://github.com/npm/npm-audit-report/issues"
},
+ "bundleDependencies": false,
"dependencies": {
- "cli-table2": "^0.2.0",
+ "cli-table3": "^0.5.0",
"console-control-strings": "^1.1.0"
},
+ "deprecated": false,
"description": "Given a response from the npm security api, render it into a variety of security reports",
"devDependencies": {
"keyfob": "^1.0.0",
@@ -78,5 +76,5 @@
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
"update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
},
- "version": "1.2.1"
+ "version": "1.3.1"
}
diff --git a/node_modules/npm-audit-report/reporters/detail.js b/node_modules/npm-audit-report/reporters/detail.js
index f4f96b677..2cbb8fea5 100644
--- a/node_modules/npm-audit-report/reporters/detail.js
+++ b/node_modules/npm-audit-report/reporters/detail.js
@@ -1,7 +1,7 @@
'use strict'
const summary = require('./install.js').summary
-const Table = require('cli-table2')
+const Table = require('cli-table3')
const Utils = require('../lib/utils')
const report = function (data, options) {
@@ -37,17 +37,8 @@ const report = function (data, options) {
}
const footer = function (data) {
- let total = 0
- const sev = []
-
- const keys = Object.keys(data.metadata.vulnerabilities)
- for (let key of keys) {
- const value = data.metadata.vulnerabilities[key]
- total = total + value
- if (value > 0) {
- sev.push([key, value])
- }
- }
+ const total = Utils.totalVulnCount(data.metadata.vulnerabilities)
+
if (total > 0) {
exit = 1
}
diff --git a/node_modules/npm-audit-report/reporters/install.js b/node_modules/npm-audit-report/reporters/install.js
index 00d358393..96ea12bd8 100644
--- a/node_modules/npm-audit-report/reporters/install.js
+++ b/node_modules/npm-audit-report/reporters/install.js
@@ -43,17 +43,8 @@ function summary (data, options) {
log(`${green('0')} vulnerabilities`)
return output
} else {
- let total = 0
- const sev = []
-
- const keys = Object.keys(data.metadata.vulnerabilities)
- for (let key of keys) {
- const value = data.metadata.vulnerabilities[key]
- total = total + value
- if (value > 0) {
- sev.push([key, value])
- }
- }
+ const total = Utils.totalVulnCount(data.metadata.vulnerabilities)
+ const sev = Utils.severities(data.metadata.vulnerabilities)
if (sev.length > 1) {
const severities = sev.map((value) => {
diff --git a/node_modules/npm-audit-report/reporters/parseable.js b/node_modules/npm-audit-report/reporters/parseable.js
new file mode 100644
index 000000000..363359772
--- /dev/null
+++ b/node_modules/npm-audit-report/reporters/parseable.js
@@ -0,0 +1,96 @@
+'use strict'
+
+const report = function (data, options) {
+ const defaults = {
+ severityThreshold: 'info'
+ }
+
+ const config = Object.assign({}, defaults, options)
+
+ let exit = 0
+
+ const actions = function (data, config) {
+ let accumulator = {
+ high: '',
+ moderate: '',
+ low: ''
+ }
+
+ if (Object.keys(data.advisories).length !== 0) {
+ data.actions.forEach((action) => {
+ let l = {}
+ // Start with install/update actions
+ if (action.action === 'update' || action.action === 'install') {
+ const recommendation = getRecommendation(action, config)
+ l.recommendation = recommendation.cmd
+ l.breaking = recommendation.isBreaking ? 'Y' : 'N'
+
+ // TODO: Verify: The advisory seems to repeat and be the same for all the 'resolves'. Is it true?
+ const advisory = data.advisories[action.resolves[0].id]
+ l.sevLevel = advisory.severity
+ l.severity = advisory.title
+ l.package = advisory.module_name
+ l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
+ l.path = action.resolves[0].path
+
+ accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking]
+ .join('\t') + '\n'
+ }
+
+ if (action.action === 'review') {
+ action.resolves.forEach((resolution) => {
+ const advisory = data.advisories[resolution.id]
+
+ l.sevLevel = advisory.severity
+ l.severity = advisory.title
+ l.package = advisory.module_name
+ l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
+ l.patchedIn = advisory.patched_versions.replace(' ', '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions
+ l.path = resolution.path
+
+ accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.patchedIn, l.severity, l.moreInfo, l.path].join('\t') + '\n'
+ }) // forEach resolves
+ } // is review
+ }) // forEach actions
+ }
+ return accumulator['high'] + accumulator['moderate'] + accumulator['low']
+ }
+
+ const exitCode = function (metadata) {
+ let total = 0
+ const keys = Object.keys(metadata.vulnerabilities)
+ for (let key of keys) {
+ const value = metadata.vulnerabilities[key]
+ total = total + value
+ }
+
+ if (total > 0) {
+ exit = 1
+ }
+ }
+
+ exitCode(data.metadata)
+
+ return {
+ report: actions(data, config),
+ exitCode: exit
+ }
+}
+
+const getRecommendation = function (action, config) {
+ if (action.action === 'install') {
+ const isDev = action.resolves[0].dev
+
+ return {
+ cmd: `npm install ${isDev ? '--save-dev ' : ''}${action.module}@${action.target}`,
+ isBreaking: action.isMajor
+ }
+ } else {
+ return {
+ cmd: `npm update ${action.module} --depth ${action.depth}`,
+ isBreaking: false
+ }
+ }
+}
+
+module.exports = report
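Review bot: Rows for any severity other than `high`, `moderate` or `low` are lost in `actions`. `accumulator[advisory.severity] += …` creates a new key for a value such as `critical` or `info`, and the final `return` concatenates only the three fixed keys, so those advisories never reach the parseable report even though `exitCode` is still 1. Initialise the accumulator with `critical: ''` and `info: ''` as well, and return `accumulator['critical'] + accumulator['high'] + accumulator['moderate'] + accumulator['low'] + accumulator['info']`. The advisory fields (`title`, `module_name`, `path`) are also joined with `\t` and `\n` unescaped, so a tab or newline in the response data would shift or add columns for whatever consumes this output; replacing `/[\t\r\n]+/g` with a space in each field before the join keeps one advisory per row. `severityThreshold` is defaulted but never read, and `exitCode` repeats the loop that `Utils.totalVulnCount` now provides.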
diff --git a/node_modules/npm-audit-report/reporters/quiet.js b/node_modules/npm-audit-report/reporters/quiet.js
index 3a5fd5eb9..d6f5c5846 100644
--- a/node_modules/npm-audit-report/reporters/quiet.js
+++ b/node_modules/npm-audit-report/reporters/quiet.js
@@ -1,17 +1,13 @@
'use strict'
-const report = function (data, options) {
- let total = 0
+const Utils = require('../lib/utils')
- const keys = Object.keys(data.metadata.vulnerabilities)
- for (let key of keys) {
- const value = data.metadata.vulnerabilities[key]
- total = total + value
- }
+const report = function (data) {
+ const totalVulnCount = Utils.totalVulnCount(data.metadata.vulnerabilities)
return {
report: '',
- exitCode: total === 0 ? 0 : 1
+ exitCode: totalVulnCount === 0 ? 0 : 1
}
}