UNPKG

verdaccio-audit

Version:

Verdaccio Middleware plugin to bypass npmjs audit

verdaccio.org

verdaccio/monorepo

87 lines (84 loc) 3.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.default = exports.REGISTRY_DOMAIN = void 0; var _https = _interopRequireDefault(require("https")); var _nodeFetch = _interopRequireDefault(require("node-fetch")); var _express = _interopRequireDefault(require("express")); var _httpsProxyAgent = _interopRequireDefault(require("https-proxy-agent")); var _bodyParser = require("body-parser"); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } // FUTURE: we should be able to overwrite this const REGISTRY_DOMAIN = 'https://registry.npmjs.org'; exports.REGISTRY_DOMAIN = REGISTRY_DOMAIN; class ProxyAudit { constructor(config, options) { this.enabled = config.enabled || false; this.strict_ssl = config.strict_ssl !== undefined ? config.strict_ssl : true; this.logger = options.logger; } register_middlewares(app, auth) { const fetchAudit = (req, res) => { var _auth$config; const headers = req.headers; headers['host'] = 'registry.npmjs.org'; headers['content-encoding'] = 'gzip,deflate,br'; let requestOptions = { agent: new _https.default.Agent({ rejectUnauthorized: this.strict_ssl }), body: JSON.stringify(req.body), headers, method: req.method }; if (auth !== null && auth !== void 0 && (_auth$config = auth.config) !== null && _auth$config !== void 0 && _auth$config.https_proxy) { var _auth$config2; // we should check whether this works fine after this migration // please notify if anyone is having issues const agent = (0, _httpsProxyAgent.default)(auth === null || auth === void 0 ? void 0 : (_auth$config2 = auth.config) === null || _auth$config2 === void 0 ? void 0 : _auth$config2.https_proxy); requestOptions = Object.assign({}, requestOptions, { agent }); } (async () => { try { const auditEndpoint = `${REGISTRY_DOMAIN}${req.baseUrl}${req.route.path}`; this.logger.debug('fetching audit from ' + auditEndpoint); const response = await (0, _nodeFetch.default)(auditEndpoint, requestOptions); if (response.ok) { res.status(response.status).send(await response.json()); } else { this.logger.warn('could not fetch audit: ' + JSON.stringify(await response.json())); res.status(response.status).end(); } } catch (error) { this.logger.warn('could not fetch audit: ' + error); res.status(500).end(); } })(); }; const handleAudit = (req, res) => { if (this.enabled) { fetchAudit(req, res); } else { res.status(500).end(); } }; /* eslint new-cap:off */ const router = _express.default.Router(); /* eslint new-cap:off */ router.post('/audits', (0, _bodyParser.json)({ limit: '10mb' }), handleAudit); router.post('/audits/quick', (0, _bodyParser.json)({ limit: '10mb' }), handleAudit); router.post('/advisories/bulk', (0, _bodyParser.json)({ limit: '10mb' }), handleAudit); app.use('/-/npm/v1/security', router); } } exports.default = ProxyAudit; //# sourceMappingURL=audit.js.map