update
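--- a/package/node_modules/npm-audit-report/lib/colors.js
+++ b/package/node_modules/npm-audit-report/lib/colors.js
@@ -0,0 +1,22 @@
+module.exports = (chalk) => {
+const green = s => chalk.green.bold(s)
+const red = s => chalk.red.bold(s)
+const magenta = s => chalk.magenta.bold(s)
+const yellow = s => chalk.yellow.bold(s)
+const white = s => chalk.bold(s)
+const severity = (sev, s) => sev.toLowerCase() === 'moderate' ? yellow(s || sev)
+: sev.toLowerCase() === 'high' ? red(s || sev)
+: sev.toLowerCase() === 'critical' ? magenta(s || sev)
+: white(s || sev)
+const dim = s => chalk.dim(s)
+
+return {
+dim,
+green,
+red,
+magenta,
+yellow,
+white,
+severity,
+}
+}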
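--- a/package/node_modules/npm-audit-report/lib/exit-code.js
+++ b/package/node_modules/npm-audit-report/lib/exit-code.js
@@ -0,0 +1,14 @@
+// return 1 if any vulns in the set are at or above the specified severity
+const severities = new Map(Object.entries([
+'info',
+'low',
+'moderate',
+'high',
+'critical',
+'none',
+]).map(s => s.reverse()))
+
+module.exports = (data, level) =>
+Object.entries(data.metadata.vulnerabilities)
+.some(([sev, count]) => count > 0 && severities.has(sev) &&
+severities.get(sev) >= severities.get(level)) ? 1 : 0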
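--- a/package/node_modules/npm-audit-report/lib/index.js
+++ b/package/node_modules/npm-audit-report/lib/index.js
@@ -0,0 +1,41 @@
+'use strict'
+
+const reporters = {
+install: require('./reporters/install'),
+detail: require('./reporters/detail'),
+json: require('./reporters/json'),
+quiet: require('./reporters/quiet'),
+}
+
+const exitCode = require('./exit-code.js')
+
+module.exports = Object.assign((data, options = {}) => {
+const {
+reporter = 'install',
+chalk,
+unicode = true,
+indent = 2,
+} = options
+
+// CLI defaults this to `null` so the defaulting method above doesn't work
+const auditLevel = options.auditLevel || 'low'
+
+if (!data) {
+throw Object.assign(
+new TypeError('ENOAUDITDATA'),
+{
+code: 'ENOAUDITDATA',
+message: 'missing audit data',
+}
+)
+}
+
+if (typeof data.toJSON === 'function') {
+data = data.toJSON()
+}
+
+return {
+report: reporters[reporter](data, { chalk, unicode, indent }),
+exitCode: exitCode(data, auditLevel),
+}
+}, { reporters })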
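--- a/package/node_modules/npm-audit-report/lib/reporters/detail.js
+++ b/package/node_modules/npm-audit-report/lib/reporters/detail.js
@@ -0,0 +1,86 @@
+'use strict'
+
+const colors = require('../colors.js')
+const install = require('./install.js')
+
+module.exports = (data, { chalk }) => {
+const summary = install.summary(data, { chalk })
+const none = data.metadata.vulnerabilities.total === 0
+return none ? summary : fullReport(data, { chalk, summary })
+}
+
+const fullReport = (data, { chalk, summary }) => {
+const c = colors(chalk)
+const output = [c.white('# npm audit report'), '']
+
+const printed = new Set()
+for (const [, vuln] of Object.entries(data.vulnerabilities)) {
+// only print starting from the top-level advisories
+if (vuln.via.filter(v => typeof v !== 'string').length !== 0) {
+output.push(printVuln(vuln, c, data.vulnerabilities, printed))
+}
+}
+
+output.push(summary)
+
+return output.join('\n')
+}
+
+const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
+if (printed.has(vuln)) {
+return null
+}
+
+printed.add(vuln)
+const output = []
+
+output.push(c.white(vuln.name) + ' ' + vuln.range)
+
+if (indent === '' && (vuln.severity !== 'low' || vuln.severity === 'info')) {
+output.push(`Severity: ${c.severity(vuln.severity)}`)
+}
+
+for (const via of vuln.via) {
+if (typeof via === 'string') {
+output.push(`Depends on vulnerable versions of ${c.white(via)}`)
+} else if (indent === '') {
+output.push(`${c.white(via.title)} - ${via.url}`)
+}
+}
+
+if (indent === '') {
+const { fixAvailable: fa } = vuln
+if (fa === false) {
+output.push(c.red('No fix available'))
+} else if (fa === true) {
+output.push(c.green('fix available') + ' via `npm audit fix`')
+} else {
+/* istanbul ignore else - should be impossible, just being cautious */
+if (typeof fa === 'object' && indent === '') {
+output.push(
+`${c.yellow('fix available')} via \`npm audit fix --force\``,
+`Will install ${fa.name}@${fa.version}` +
+`, which is ${fa.isSemVerMajor ? 'a breaking change' :
+'outside the stated dependency range'}`
+)
+}
+}
+}
+
+for (const path of vuln.nodes) {
+output.push(c.dim(path))
+}
+
+for (const effect of vuln.effects) {
+const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, ' ')
+if (e) {
+output.push(...e.split('\n'))
+}
+}
+
+if (indent === '') {
+output.push('')
+}
+
+return output.map(l => `${indent}${l}`).join('\n')
+}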
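--- a/package/node_modules/npm-audit-report/lib/reporters/install.js
+++ b/package/node_modules/npm-audit-report/lib/reporters/install.js
@@ -0,0 +1,75 @@
+const colors = require('../colors.js')
+
+const calculate = (data, { chalk }) => {
+const c = colors(chalk)
+const output = []
+const { metadata: { vulnerabilities } } = data
+const vulnCount = vulnerabilities.total
+
+let someFixable = false
+let someForceFixable = false
+let forceFixSemVerMajor = false
+let someUnfixable = false
+
+if (vulnCount === 0) {
+output.push(`found ${c.green('0')} vulnerabilities`)
+} else {
+for (const [, vuln] of Object.entries(data.vulnerabilities)) {
+const { fixAvailable } = vuln
+someFixable = someFixable || fixAvailable === true
+someUnfixable = someUnfixable || fixAvailable === false
+if (typeof fixAvailable === 'object') {
+someForceFixable = true
+forceFixSemVerMajor = forceFixSemVerMajor || fixAvailable.isSemVerMajor
+}
+}
+const total = vulnerabilities.total
+const sevs = Object.entries(vulnerabilities).filter(([s, count]) => {
+return (s === 'low' || s === 'moderate' || s === 'high' || s === 'critical') &&
+count > 0
+})
+
+if (sevs.length > 1) {
+const severities = sevs.map(([s, count]) => {
+return `${count} ${c.severity(s)}`
+}).join(', ')
+output.push(`${c.red(total)} vulnerabilities (${severities})`)
+} else {
+const [sev, count] = sevs[0]
+output.push(`${count} ${c.severity(sev)} severity vulnerabilit${count === 1 ? 'y' : 'ies'}`)
+}
+
+// XXX use a different footer line if some aren't fixable easily.
+// just 'run `npm audit` for details' maybe?
+
+if (someFixable) {
+output.push('', 'To address ' +
+(someForceFixable || someUnfixable ? 'issues that do not require attention'
+: 'all issues') + ', run:\n npm audit fix')
+}
+
+if (someForceFixable) {
+output.push('', 'To address all issues' +
+(someUnfixable ? ' possible' : '') +
+(forceFixSemVerMajor ? ' (including breaking changes)' : '') +
+', run:\n npm audit fix --force')
+}
+
+if (someUnfixable) {
+output.push('',
+'Some issues need review, and may require choosing',
+'a different dependency.')
+}
+}
+
+const summary = output.join('\n')
+return {
+summary,
+report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
+: summary,
+}
+}
+
+module.exports = Object.assign((data, opt) => calculate(data, opt).report, {
+summary: (data, opt) => calculate(data, opt).summary,
+})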
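--- a/package/node_modules/npm-audit-report/lib/reporters/json.js
+++ b/package/node_modules/npm-audit-report/lib/reporters/json.js
@@ -0,0 +1 @@
+module.exports = (data, { indent }) => JSON.stringify(data, null, indent)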
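--- a/package/node_modules/npm-audit-report/lib/reporters/quiet.js
+++ b/package/node_modules/npm-audit-report/lib/reporters/quiet.js
@@ -0,0 +1 @@
+module.exports = () => ''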