UNPKG

better-npm-audit

Version:

Reshape into a better npm audit for the community and encourage more people to include security audit into their process.

github.com/jeemok/better-npm-audit

jeemok/better-npm-audit

57 lines (56 loc) 2.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); var lodash_get_1 = __importDefault(require("lodash.get")); var semver_1 = __importDefault(require("semver")); var npm_1 = require("../utils/npm"); var file_1 = require("../utils/file"); var vulnerability_1 = require("../utils/vulnerability"); /** * Get the `npm audit` flag to audit only production dependencies. * @return {String} The flag. */ function getProductionOnlyOption() { var npmVersion = npm_1.getNpmVersion(); if (semver_1.default.satisfies(npmVersion, '<=8.13.2')) { return '--production'; } else { return '--omit=dev'; } } /** * Handle user's input * @param {Object} options User's command options or flags * @param {Function} fn The function to handle the inputs */ function handleInput(options, fn) { // Generate NPM Audit command var auditCommand = [ 'npm audit', // flags lodash_get_1.default(options, 'production') ? getProductionOnlyOption() : '', lodash_get_1.default(options, 'registry') ? "--registry=" + options.registry : '', ] .filter(Boolean) .join(' '); // Taking the audit level from the command or environment variable var envVar = process.env.NPM_CONFIG_AUDIT_LEVEL; var auditLevel = lodash_get_1.default(options, 'level', envVar) || 'info'; // Get the exceptions var nsprc = file_1.readFile('.nsprc'); var cmdExceptions = lodash_get_1.default(options, 'exclude', '') .split(',') .map(function (each) { return each.trim(); }) .filter(function (each) { return each !== ''; }); var exceptionIds = vulnerability_1.getExceptionsIds(nsprc, cmdExceptions); var cmdModuleIgnore = lodash_get_1.default(options, 'moduleIgnore', '').split(','); var cmdIncludeColumns = lodash_get_1.default(options, 'includeColumns', '') .split(',') .map(function (each) { return each.trim(); }) .filter(function (each) { return !!each; }); fn(auditCommand, auditLevel, exceptionIds, cmdModuleIgnore, cmdIncludeColumns); } exports.default = handleInput;