@chax-at/better-npm-audit
Version:
Reshape into a better npm audit for the community and encourage more people to include security audit into their process.
38 lines (37 loc) • 1.63 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
var lodash_get_1 = __importDefault(require("lodash.get"));
var file_1 = require("../utils/file");
var vulnerability_1 = require("../utils/vulnerability");
/**
* Handle user's input
* @param {Object} options User's command options or flags
* @param {Function} fn The function to handle the inputs
*/
function handleInput(options, fn) {
// Generate NPM Audit command
var auditCommand = [
'npm audit',
// flags
lodash_get_1.default(options, 'production') ? '--omit=dev' : '--include=dev',
lodash_get_1.default(options, 'registry') ? "--registry=" + options.registry : '',
]
.filter(Boolean)
.join(' ');
// Taking the audit level from the command or environment variable
var envVar = process.env.NPM_CONFIG_AUDIT_LEVEL;
var auditLevel = lodash_get_1.default(options, 'level', envVar) || 'info';
// Get the exceptions
var nsprc = file_1.readFile('.nsprc');
var cmdExceptions = lodash_get_1.default(options, 'exclude', '')
.split(',')
.map(function (e) { return e.toString().trim(); })
.filter(function (e) { return e !== ''; });
var exceptionIds = vulnerability_1.getExceptionsIds(nsprc, cmdExceptions);
var cmdModuleIgnore = lodash_get_1.default(options, 'moduleIgnore', '').split(',');
fn(auditCommand, auditLevel, exceptionIds, cmdModuleIgnore);
}
exports.default = handleInput;