@mendix/pluggable-widgets-tools
Version:
Mendix Pluggable Widgets Tools
63 lines (62 loc) • 3.18 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.collectVulnerabilities = collectVulnerabilities;
exports.run = run;
const node_assert_1 = __importDefault(require("node:assert"));
const node_fs_1 = require("node:fs");
const node_path_1 = require("node:path");
const paths_1 = require("../widget/paths");
const common_1 = require("../common");
const node_child_process_1 = require("node:child_process");
function collectVulnerabilities(report, rootDependency) {
const dependencies = [rootDependency];
const dependenciesSeen = [];
const allVulnerabilities = [];
while (dependencies.length > 0) {
const dependencyName = (0, common_1.ensure)(dependencies.shift());
dependenciesSeen.push(dependencyName);
const [transients, vulnerabilities] = (0, common_1.partition)(report.vulnerabilities[dependencyName].via, v => typeof v === "string");
if (vulnerabilities.length > 0) {
allVulnerabilities.push(...vulnerabilities);
continue;
}
dependencies.push(...transients.filter(d => !dependenciesSeen.includes(d)));
}
return allVulnerabilities;
}
function run() {
return __awaiter(this, void 0, void 0, function* () {
const packageLock = (0, node_path_1.join)(paths_1.widgetRoot, "package-lock.json");
(0, node_assert_1.default)((0, node_fs_1.existsSync)(packageLock), "Expected to find an npm lockfile. To run npm audit, dependencies must be installed with npm.");
const { report, error } = yield new Promise((resolve, reject) => {
(0, node_child_process_1.exec)("npm audit --json", (error, stdout, stderr) => {
if (error && stderr.length > 0) {
reject(error);
}
else {
resolve(stdout);
}
});
})
.then(json => ({ report: JSON.parse(json), error: undefined }))
.catch(error => ({ error, report: undefined }));
if (error) {
throw error;
}
(0, node_assert_1.default)(report, `Expected an npm audit report, but received "${report}"`);
(0, node_assert_1.default)(report.auditReportVersion === 2, `Expected npm audit report version 2, but received ${report.auditReportVersion}`);
return report;
});
}