diff --git a/node_modules/npm-audit-report/lib/colors.js b/node_modules/npm-audit-report/lib/colors.js index ad76870fd6fda..2fbf5c36093de 100644 --- a/node_modules/npm-audit-report/lib/colors.js +++ b/node_modules/npm-audit-report/lib/colors.js @@ -19,6 +19,6 @@ module.exports = color => { magenta, yellow, white, - severity + severity, } } diff --git a/node_modules/npm-audit-report/lib/exit-code.js b/node_modules/npm-audit-report/lib/exit-code.js index 7a32ac6db4770..fcb580b512671 100644 --- a/node_modules/npm-audit-report/lib/exit-code.js +++ b/node_modules/npm-audit-report/lib/exit-code.js @@ -5,7 +5,7 @@ const severities = new Map(Object.entries([ 'moderate', 'high', 'critical', - 'none' + 'none', ]).map(s => s.reverse())) module.exports = (data, level) => diff --git a/node_modules/npm-audit-report/lib/index.js b/node_modules/npm-audit-report/lib/index.js index 9ee86be7915d8..63063f92526a1 100644 --- a/node_modules/npm-audit-report/lib/index.js +++ b/node_modules/npm-audit-report/lib/index.js @@ -4,7 +4,7 @@ const reporters = { install: require('./reporters/install'), detail: require('./reporters/detail'), json: require('./reporters/json'), - quiet: require('./reporters/quiet') + quiet: require('./reporters/quiet'), } const exitCode = require('./exit-code.js') @@ -20,20 +20,22 @@ module.exports = Object.assign((data, options = {}) => { // CLI defaults this to `null` so the defaulting method above doesn't work const auditLevel = options.auditLevel || 'low' - if (!data) + if (!data) { throw Object.assign( new TypeError('ENOAUDITDATA'), { code: 'ENOAUDITDATA', - message: 'missing audit data' + message: 'missing audit data', } ) + } - if (typeof data.toJSON === 'function') + if (typeof data.toJSON === 'function') { data = data.toJSON() + } return { report: reporters[reporter](data, { color, unicode, indent }), - exitCode: exitCode(data, auditLevel) + exitCode: exitCode(data, auditLevel), } }, { reporters }) diff --git a/node_modules/npm-audit-report/lib/reporters/detail.js b/node_modules/npm-audit-report/lib/reporters/detail.js index 50451f057972d..ba2f013836d9d 100644 --- a/node_modules/npm-audit-report/lib/reporters/detail.js +++ b/node_modules/npm-audit-report/lib/reporters/detail.js @@ -6,7 +6,7 @@ const install = require('./install.js') module.exports = (data, { color }) => { const summary = install.summary(data, { color }) const none = data.metadata.vulnerabilities.total === 0 - return none ? summary : fullReport(data, {color, summary}) + return none ? summary : fullReport(data, { color, summary }) } const fullReport = (data, { color, summary }) => { @@ -14,10 +14,11 @@ const fullReport = (data, { color, summary }) => { const output = [c.white('# npm audit report'), ''] const printed = new Set() - for (const [name, vuln] of Object.entries(data.vulnerabilities)) { + for (const [, vuln] of Object.entries(data.vulnerabilities)) { // only print starting from the top-level advisories - if (vuln.via.filter(v => typeof v !== 'string').length !== 0) - output.push(printVuln(vuln, c, data.vulnerabilities)) + if (vuln.via.filter(v => typeof v !== 'string').length !== 0) { + output.push(printVuln(vuln, c, data.vulnerabilities, printed)) + } } output.push(summary) @@ -25,9 +26,10 @@ const fullReport = (data, { color, summary }) => { return output.join('\n') } -const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') => { - if (printed.has(vuln)) +const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => { + if (printed.has(vuln)) { return null + } printed.add(vuln) const output = [] @@ -59,7 +61,7 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') = `${c.yellow('fix available')} via \`npm audit fix --force\``, `Will install ${fa.name}@${fa.version}` + `, which is ${fa.isSemVerMajor ? 'a breaking change' : - 'outside the stated dependency range' }` + 'outside the stated dependency range'}` ) } } @@ -70,10 +72,10 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') = } for (const effect of vuln.effects) { - const vuln = vulnerabilities[effect] - const e = printVuln(vuln, c, vulnerabilities, printed, ' ') - if (e) + const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, ' ') + if (e) { output.push(...e.split('\n')) + } } if (indent === '') { diff --git a/node_modules/npm-audit-report/lib/reporters/install.js b/node_modules/npm-audit-report/lib/reporters/install.js index fe53be3adad76..cb8a249691e29 100644 --- a/node_modules/npm-audit-report/lib/reporters/install.js +++ b/node_modules/npm-audit-report/lib/reporters/install.js @@ -3,7 +3,7 @@ const colors = require('../colors.js') const calculate = (data, { color }) => { const c = colors(color) const output = [] - const { metadata: { vulnerabilities }} = data + const { metadata: { vulnerabilities } } = data const vulnCount = vulnerabilities.total let someFixable = false @@ -14,7 +14,7 @@ const calculate = (data, { color }) => { if (vulnCount === 0) { output.push(`found ${c.green('0')} vulnerabilities`) } else { - for (const [name, vuln] of Object.entries(data.vulnerabilities)) { + for (const [, vuln] of Object.entries(data.vulnerabilities)) { const { fixAvailable } = vuln someFixable = someFixable || fixAvailable === true someUnfixable = someUnfixable || fixAvailable === false @@ -45,7 +45,7 @@ const calculate = (data, { color }) => { if (someFixable) { output.push('', 'To address ' + (someForceFixable || someUnfixable ? 'issues that do not require attention' - : 'all issues') + ', run:\n npm audit fix') + : 'all issues') + ', run:\n npm audit fix') } if (someForceFixable) { @@ -66,10 +66,10 @@ const calculate = (data, { color }) => { return { summary, report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.` - : summary + : summary, } } module.exports = Object.assign((data, opt) => calculate(data, opt).report, { - summary: (data, opt) => calculate(data, opt).summary + summary: (data, opt) => calculate(data, opt).summary, }) diff --git a/node_modules/npm-audit-report/package.json b/node_modules/npm-audit-report/package.json index c819b9608412a..8749c14582fa9 100644 --- a/node_modules/npm-audit-report/package.json +++ b/node_modules/npm-audit-report/package.json @@ -1,6 +1,6 @@ { "name": "npm-audit-report", - "version": "2.1.5", + "version": "3.0.0", "description": "Given a response from the npm security api, render it into a variety of security reports", "main": "lib/index.js", "scripts": { @@ -8,7 +8,12 @@ "snap": "tap", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint" }, "tap": { "check-coverage": true, @@ -20,14 +25,16 @@ "report", "audit" ], - "author": "Adam Baldwin", + "author": "GitHub Inc.", "license": "ISC", "dependencies": { "chalk": "^4.0.0" }, "devDependencies": { + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.1.2", "require-inject": "^1.4.4", - "tap": "^14.10.7" + "tap": "^16.0.0" }, "directories": { "lib": "lib", @@ -35,18 +42,22 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/npm/npm-audit-report.git" + "url": "https://github.com/npm/npm-audit-report.git" }, "bugs": { "url": "https://github.com/npm/npm-audit-report/issues" }, "homepage": "https://github.com/npm/npm-audit-report#readme", "files": [ - "index.js", - "lib", + "bin/", + "lib/", "reporters" ], "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.1.2" } } diff --git a/package-lock.json b/package-lock.json index 648a7496f8a70..dc815b144aac4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -130,7 +130,7 @@ "ms": "^2.1.2", "node-gyp": "^9.0.0", "nopt": "^5.0.0", - "npm-audit-report": "^2.1.5", + "npm-audit-report": "^3.0.0", "npm-install-checks": "^4.0.0", "npm-package-arg": "^9.0.1", "npm-pick-manifest": "^7.0.0", @@ -5336,15 +5336,15 @@ } }, "node_modules/npm-audit-report": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz", - "integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz", + "integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==", "inBundle": true, "dependencies": { "chalk": "^4.0.0" }, "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, "node_modules/npm-bundled": { @@ -14835,9 +14835,9 @@ "dev": true }, "npm-audit-report": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz", - "integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz", + "integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==", "requires": { "chalk": "^4.0.0" } diff --git a/package.json b/package.json index d51ffcd4dc4fb..82db5e8d3b922 100644 --- a/package.json +++ b/package.json @@ -98,7 +98,7 @@ "ms": "^2.1.2", "node-gyp": "^9.0.0", "nopt": "^5.0.0", - "npm-audit-report": "^2.1.5", + "npm-audit-report": "^3.0.0", "npm-install-checks": "^4.0.0", "npm-package-arg": "^9.0.1", "npm-pick-manifest": "^7.0.0",