UNPKG

yarn-audit-fix

Version:

The missing `yarn audit fix`

github.com/antongolub/yarn-audit-fix

antongolub/yarn-audit-fix

110 lines (102 loc) 2.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/usr/bin/env node import process from 'node:process' import { Command, Option } from 'commander' import { run } from './runner' const parseMultipleValueArg = ( value: string, previous: string | string[] | undefined, ) => { if (!previous) { return value } return [previous, value].flat() } const env = process.env const flags = new Command() .addOption( new Option( '--audit-level [level]', 'Include only vulnerabilities with the specified level or higher', ) .choices(['low', 'moderate', 'high', 'critical']) .default(env.YAF_AUDIT_LEVEL), ) .option('--cwd [path]', 'CWD. Defaults to `process.cwd()`', env.YAF_CWD) .option( '--dry-run [bool]', 'Get an idea of what audit fix will do', env.YAF_DRY_RUN, ) .option( '--exclude <path>', 'Array of glob patterns of packages to exclude from audit', parseMultipleValueArg, env.YAF_EXCLUDE, ) .addOption( new Option('--flow [flow]', 'Define how `yarn.lock` is modified') .choices(['convert', 'patch']) .default(env.YAF_FLOW || 'patch'), ) .option( '--force [bool]', 'Have audit fix install semver-major updates to toplevel dependencies, not just semver-compatible ones', env.YAF_FORCE, ) .option( '--ignore <id>', 'Array of glob patterns of advisory IDs to ignore in the audit report', parseMultipleValueArg, env.YAF_IGNORE, ) .option( '--ignore-engines [bool]', 'Ignore engines check', env.YAF_IGNORE_ENGINES, ) .option('--loglevel [level]', 'Set custom log level', env.YAF_LOGLEVEL) .option( '--legacy-peer-deps [bool]', 'Accept an incorrect (potentially broken) deps resolution', env.YAF_LEGACY_PEER_DEPS, ) .addOption( new Option( '--npm-path [path]', "Switch to system default version of npm instead of package's own.", ) .choices(['system', 'local']) .default(env.YAF_NPM_PATH || 'system'), ) .addOption( new Option('--only [scope]', 'Set package updating scope') .choices(['prod', 'dev']) .default(env.YAF_ONLY), ) .option( '--package-lock-only [bool]', 'Run audit fix without modifying `node_modules`.', env.YAF_PACKAGE_LOCK_ONLY, ) .option('--registry [registry]', 'Custom registry url', env.YAF_REGISTRY) .option('--silent [bool]', 'Disable log output', env.YAF_SILENT) .addOption( new Option( '--symlink', 'Define symlink type for `node_modules` assets', ).choices(['junction', 'dir']), ) .option('--temp [dir]', 'Directory for temporary assets') .option( '--verbose [bool]', 'Switch log level to verbose/debug', env.YAF_VERBOSE, ) .option( '--version, -v', 'Print current yarn-audit-fix version' ) .allowUnknownOption() .parse(process.argv) .opts() run.sync(flags)