UNPKG

@atomist/sdm-pack-node

Version:

Extension pack for an Atomist SDM to work with Node.js projects

116 lines 4.92 kB
"use strict"; /* * Copyright © 2019 Atomist, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); const automation_client_1 = require("@atomist/automation-client"); const sdm_1 = require("@atomist/sdm"); const slack_messages_1 = require("@atomist/slack-messages"); const _ = require("lodash"); const npmAuditAutofix_1 = require("../autofix/npmAuditAutofix"); exports.npmAuditReviewCategory = "npm audit"; function npmAuditReviewComment(detail, rule, severity = "info") { return { category: exports.npmAuditReviewCategory, detail, severity, subcategory: rule, }; } function mapNpmAuditResultsToReviewComments(npmAuditOutput) { let results; try { results = JSON.parse(npmAuditOutput); } catch (e) { automation_client_1.logger.error(`Failed to parse npm audit output '${npmAuditOutput}': ${e.message}`); return []; } return _.map(results.advisories, v => { const rule = `${v.module_name}:${v.vulnerable_versions}`; let details = `[${v.title}](${v.url})`; if (!!v.recommendation) { details = `${details} ${slack_messages_1.italic(v.recommendation.trim())}`; } if (!!v.cves && v.cves.length > 0) { details = `${details} - ${v.cves.map(c => `[${c}](https://nvd.nist.gov/vuln/detail/${c})`).join(" ")}`; } if (!!v.findings && v.findings.length > 0) { const findings = v.findings.map(f => `\n - ${slack_messages_1.codeLine(`${v.module_name}:${f.version}`)}: ${(f.paths || []).map(p => `\n - ${slack_messages_1.codeLine(p)}`).join("")}`); details = `${details} ${findings.join("")}`; } let severity; switch (v.severity) { case "info": case "low": severity = "info"; break; case "moderate": severity = "warn"; break; case "high": case "critical": severity = "error"; break; } return npmAuditReviewComment(details, rule, severity); }); } exports.mapNpmAuditResultsToReviewComments = mapNpmAuditResultsToReviewComments; function runNpmAuditOnProject(options = npmAuditAutofix_1.DefaultNpmAuditOptions) { return (p) => __awaiter(this, void 0, void 0, function* () { const review = { repoId: p.id, comments: [] }; if (!automation_client_1.isLocalProject(p)) { automation_client_1.logger.error(`Project ${p.name} is not a local project`); return review; } const cwd = p.baseDir; const args = ["audit", "--json"]; if (options.packageLockOnly === true) { args.push("--package-lock-only"); } try { const npmAuditResult = yield sdm_1.spawnPromise("npm", args, { cwd }); if (npmAuditResult.stderr) { automation_client_1.logger.debug(`npm audit standard error from ${p.name}: ${npmAuditResult.stderr}`); } const comments = mapNpmAuditResultsToReviewComments(npmAuditResult.stdout); review.comments.push(...comments); } catch (e) { automation_client_1.logger.error(`Failed to run npm audit: ${e.message}`); } return review; }); } exports.runNpmAuditOnProject = runNpmAuditOnProject; function npmAuditInspection(options = npmAuditAutofix_1.DefaultNpmAuditOptions) { return { name: "NpmAuditInspection", description: "Run npm audit on project", inspection: runNpmAuditOnProject(options), intent: "npm audit", }; } exports.npmAuditInspection = npmAuditInspection; //# sourceMappingURL=npmAudit.js.map