forked from npm/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaudit.js
76 lines (66 loc) · 1.84 KB
/
audit.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
const Arborist = require('@npmcli/arborist')
const auditReport = require('npm-audit-report')
const reifyFinish = require('./utils/reify-finish.js')
const auditError = require('./utils/audit-error.js')
const BaseCommand = require('./base-command.js')
class Audit extends BaseCommand {
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get description () {
return 'Run a security audit'
}
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get name () {
return 'audit'
}
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get params () {
return [
'audit-level',
'dry-run',
'force',
'json',
'package-lock-only',
'production',
]
}
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get usage () {
return ['[fix]']
}
async completion (opts) {
const argv = opts.conf.argv.remain
if (argv.length === 2)
return ['fix']
switch (argv[2]) {
case 'fix':
return []
default:
throw new Error(argv[2] + ' not recognized')
}
}
exec (args, cb) {
this.audit(args).then(() => cb()).catch(cb)
}
async audit (args) {
const reporter = this.npm.config.get('json') ? 'json' : 'detail'
const opts = {
...this.npm.flatOptions,
audit: true,
path: this.npm.prefix,
reporter,
}
const arb = new Arborist(opts)
const fix = args[0] === 'fix'
await arb.audit({ fix })
if (fix)
await reifyFinish(this.npm, arb)
else {
// will throw if there's an error, because this is an audit command
auditError(this.npm, arb.auditReport)
const result = auditReport(arb.auditReport, opts)
process.exitCode = process.exitCode || result.exitCode
this.npm.output(result.report)
}
}
}
module.exports = Audit