UNPKG

@mendix/pluggable-widgets-tools

Version:
63 lines (62 loc) 3.18 kB
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.collectVulnerabilities = collectVulnerabilities; exports.run = run; const node_assert_1 = __importDefault(require("node:assert")); const node_fs_1 = require("node:fs"); const node_path_1 = require("node:path"); const paths_1 = require("../widget/paths"); const common_1 = require("../common"); const node_child_process_1 = require("node:child_process"); function collectVulnerabilities(report, rootDependency) { const dependencies = [rootDependency]; const dependenciesSeen = []; const allVulnerabilities = []; while (dependencies.length > 0) { const dependencyName = (0, common_1.ensure)(dependencies.shift()); dependenciesSeen.push(dependencyName); const [transients, vulnerabilities] = (0, common_1.partition)(report.vulnerabilities[dependencyName].via, v => typeof v === "string"); if (vulnerabilities.length > 0) { allVulnerabilities.push(...vulnerabilities); continue; } dependencies.push(...transients.filter(d => !dependenciesSeen.includes(d))); } return allVulnerabilities; } function run() { return __awaiter(this, void 0, void 0, function* () { const packageLock = (0, node_path_1.join)(paths_1.widgetRoot, "package-lock.json"); (0, node_assert_1.default)((0, node_fs_1.existsSync)(packageLock), "Expected to find an npm lockfile. To run npm audit, dependencies must be installed with npm."); const { report, error } = yield new Promise((resolve, reject) => { (0, node_child_process_1.exec)("npm audit --json", (error, stdout, stderr) => { if (error && stderr.length > 0) { reject(error); } else { resolve(stdout); } }); }) .then(json => ({ report: JSON.parse(json), error: undefined })) .catch(error => ({ error, report: undefined })); if (error) { throw error; } (0, node_assert_1.default)(report, `Expected an npm audit report, but received "${report}"`); (0, node_assert_1.default)(report.auditReportVersion === 2, `Expected npm audit report version 2, but received ${report.auditReportVersion}`); return report; }); }