
@chax-at/better-npm-audit


A better `npm audit` for the community, meant to encourage more people to include a security audit in their process.

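"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var print_1 = require("../utils/print");
var vulnerability_1 = require("../utils/vulnerability");
/**
 * Process and analyze the NPM audit JSON, print the findings and terminate
 * the process with a verdict.
 *
 * This is the CI gate of the tool: the exit code is the result. Anything
 * that cannot be parsed, and any vulnerability at or above `auditLevel`
 * that is not covered by an exception or an ignored module, fails the run.
 *
 * @param {String} jsonBuffer NPM audit stringified JSON payload
 * @param {Number} auditLevel The level of vulnerabilities we care about
 *   (passed through to `processAuditJson`)
 * @param {Array} exceptionIds List of vulnerability IDs to exclude; numeric
 *   advisory IDs, advisory URLs or GHSA IDs (see the matching below)
 * @param {Array} modulesToIgnore List of vulnerable modules to ignore in
 *   audit results
 * @return {undefined} Does not return normally: calls `process.exit(1)` when
 *   the JSON cannot be processed or when unhandled vulnerabilities remain,
 *   `process.exit(0)` otherwise.
 */
function handleFinish(jsonBuffer, auditLevel, exceptionIds, modulesToIgnore) {
    var result = vulnerability_1.processAuditJson(jsonBuffer, auditLevel, exceptionIds, modulesToIgnore);
    var unhandledIds = result.unhandledIds;
    var vulnerabilityIds = result.vulnerabilityIds;
    var vulnerabilityUrls = result.vulnerabilityUrls;
    var vulnerabilityGhsa = result.vulnerabilityGhsa;
    var vulnerabilityModules = result.vulnerabilityModules;
    var report = result.report;
    var failed = result.failed;
    // Unparseable audit output is a failure, never a silent pass: a broken
    // payload must not look like a clean audit to CI.
    if (failed) {
        console.error('Unable to process the JSON buffer string.');
        // Exit failed (the `return` only matters if process.exit is stubbed)
        process.exit(1);
        return;
    }
    // Print the security report
    if (report.length) {
        print_1.printSecurityReport(report);
    }
    // Exceptions that matched nothing. Numeric advisory IDs are compared as
    // numbers (hence `+id`); advisory URLs and GHSA IDs are compared as strings.
    var unusedExceptionIds = exceptionIds.filter(function (id) {
        return !vulnerabilityIds.includes(+id)
            && !vulnerabilityUrls.includes(id)
            && !vulnerabilityGhsa.includes(id);
    });
    // Ignored modules that matched nothing.
    var unusedIgnoredModules = modulesToIgnore.filter(function (moduleName) {
        return !vulnerabilityModules.includes(moduleName);
    });
    // Every exception and ignored module suppresses findings, so stale or
    // mistyped entries are surfaced as warnings rather than accumulating
    // silently. The two lists are reported independently: the ignored-module
    // warning is shown whether or not there are also unused exception IDs
    // (previously it was nested under the exception-ID check and was lost
    // when that list was empty).
    var messages = [];
    if (unusedExceptionIds.length) {
        messages.push(
            unusedExceptionIds.length + " of the excluded vulnerabilities did not match any of the found vulnerabilities: " + unusedExceptionIds.join(', ') + ".",
            (unusedExceptionIds.length > 1 ? 'They' : 'It') + " can be removed from the .nsprc file or --exclude -x flags."
        );
    }
    if (unusedIgnoredModules.length) {
        // NOTE: "vulnerabilites" spelling kept byte-for-byte for output compatibility.
        messages.push(
            unusedIgnoredModules.length + " of the ignored modules did not match any of the found vulnerabilites: " + unusedIgnoredModules.join(', ') + ".",
            (unusedIgnoredModules.length > 1 ? 'They' : 'It') + " can be removed from the --module-ignore -m flags."
        );
    }
    if (messages.length) {
        console.warn(messages.join(' '));
    }
    // Display the found unhandled vulnerabilities and fail the run
    if (unhandledIds.length) {
        console.error(unhandledIds.length + " vulnerabilities found. Node security advisories: " + unhandledIds.join(', '));
        // Exit failed
        process.exit(1);
    } else {
        // Happy happy, joy joy
        console.info('🤝 All good!');
        process.exit(0);
    }
}
exports.default = handleFinish;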