@beuluis/hook-cli - npm Package Compare versions

Comparing version 1.0.6 to 1.1.0

dist/modules/checkForVulnerabilities.js

@@ -7,2 +7,16 @@ "use strict";
 const exec_helper_1 = require("../util/exec.helper");
+const npm_helper_1 = require("../util/npm.helper");
+const yarn_helper_1 = require("../util/yarn.helper");
+const filterAuditResult = (auditResult) => {
+    if (isAuditResult(auditResult)) {
+        return {
+            info: auditResult.info,
+            low: auditResult.low,
+            moderate: auditResult.moderate,
+            high: auditResult.high,
+            critical: auditResult.critical,
+        };
+    }
+    throw new Error('Package manager returned unexpected json');
+};
 const isAuditResult = (obj) => Object.prototype.hasOwnProperty.call(obj, 'info') &&
@@ -18,35 +32,2 @@ typeof obj.info === 'number' &&
     typeof obj.critical === 'number';
-const isYarnObject = (obj) => Object.prototype.hasOwnProperty.call(obj, 'type') &&
-    typeof obj.type === 'string' &&
-    Object.prototype.hasOwnProperty.call(obj, 'data');
-const NPMJsonParser = (stdout) => {
-    const outputObj = JSON.parse(stdout);
-    if (Object.prototype.hasOwnProperty.call(outputObj, 'message')) {
-        throw new Error(outputObj.message);
-    }
-    const auditResult = outputObj.metadata.vulnerabilities;
-    if (isAuditResult(auditResult)) {
-        return auditResult;
-    }
-    throw new Error('Unable to parse npm json response');
-};
-const YarnJsonParser = (stdout, stderr) => {
-    const rawOutputArr = stdout.split(/\r?\n/);
-    const rawErrorArr = stderr.split(/\r?\n/);
-    // filter empty elements for new line at the end
-    const outputObj = JSON.parse(`[${rawOutputArr.filter(el => el).join()}]`);
-    const errorObj = JSON.parse(`[${rawErrorArr.filter(el => el).join()}]`);
-    const error = errorObj.find(el => isYarnObject(el) && el.type === 'error');
-    if (error) {
-        throw new Error(typeof error.data === 'string' ? error.data : 'Unknown error');
-    }
-    const result = outputObj.find(el => isYarnObject(el) && el.type === 'auditSummary');
-    if (result) {
-        const auditResult = result.data.vulnerabilities;
-        if (isAuditResult(auditResult)) {
-            return auditResult;
-        }
-    }
-    throw new Error('Unable to parse yarn json response');
-};
 const auditCommandBuilder = (packageManager, prod) => {
@@ -64,3 +45,3 @@ let command = `${packageManager} audit`;
 };
-const totalVulnerabilities = (obj) => obj.info + obj.low + obj.moderate + obj.high + obj.critical; // be specific because the obj could have other stuff in it
+const totalVulnerabilities = (obj) => Object.values(obj).reduce((a, b) => a + b);
 module.exports = (0, commandModule_helper_1.registerCommandModule)({
@@ -73,3 +54,3 @@ command: 'checkForVulnerabilities',
             choices: ['npm', 'yarn'],
-            description: 'The package manager you want to use',
+            description: 'The package manager you want to use. Keep in mind that both package managers report differently',
             default: 'npm',
@@ -107,6 +88,15 @@ },
                         if (packageManager === 'npm') {
-                            auditResult = NPMJsonParser(e.stdout);
+                            const result = (0, npm_helper_1.NPMOutputParser)(e.stdout).metadata.vulnerabilities;
+                            auditResult = filterAuditResult(result);
                         }
                         else if (packageManager === 'yarn') {
-                            auditResult = YarnJsonParser(e.stdout, e.stderr);
+                            const result = (0, yarn_helper_1.YarnOutputParser)(e.stdout, e.stderr);
+                            const auditSummary = result.find(el => el.type === 'auditSummary');
+                            if (auditSummary) {
+                                const vulnerabilities = auditSummary.data.vulnerabilities;
+                                auditResult = filterAuditResult(vulnerabilities);
+                            }
+                            else {
+                                throw new Error('Yarn returned unexpected json');
+                            }
                         }
@@ -146,7 +136,8 @@ else {
                         }
+                        const auditCount = totalVulnerabilities(auditResult);
                         if (levelMet) {
-                            task.title = `Found ${console_log_colors_1.color.red(totalVulnerabilities(auditResult))} level ${console_log_colors_1.color.bgRed(auditLevel)} or higher vulnerabilities. Run '${console_log_colors_1.color.cyan(`${auditCommandBuilder(packageManager, prod)}`)}' for more information`;
+                            task.title = `Found ${console_log_colors_1.color.red(auditCount)} level ${console_log_colors_1.color.bgRed(auditLevel)} or higher vulnerabilities. Run '${console_log_colors_1.color.cyan(`${auditCommandBuilder(packageManager, prod)}`)}' for more information`;
                             throw new Error();
                         }
-                        task.title = `Found ${console_log_colors_1.color.cyan(totalVulnerabilities(auditResult))} vulnerabilities of lower level then ${console_log_colors_1.color.cyan(auditLevel)}`;
+                        task.title = `Found ${console_log_colors_1.color.cyan(auditCount)} vulnerabilities of lower level then ${console_log_colors_1.color.cyan(auditLevel)}`;
                         return Promise.resolve(); // We found some but we dont care because the level is not right
@@ -153,0 +144,0 @@ }

package.json

 {
   "name": "@beuluis/hook-cli",
-  "version": "1.0.6",
+  "version": "1.1.0",
   "description": "A small hook cli that can be used with for example husky",
@@ -34,2 +34,3 @@ "bin": {
     "console-log-colors": "^0.2.3",
+    "console-table-printer": "^2.11.0",
     "listr": "^0.14.3",
@@ -36,0 +37,0 @@ "yargs": "^17.5.1"

README.md

@@ -55,8 +55,8 @@ [![Contributors][contributors-shield]][contributors-url]
 
-| Option                    | Description                                                             | Type                                          | default    |
-| ------------------------- | ----------------------------------------------------------------------- | --------------------------------------------- | ---------- |
-| `-m`, `--package-manager` | The package manager you want to use                                     | `yarn`, `npm`                                 | `npm`      |
-| `-l`, `--audit-level`     | The severity of the vulnerabilities what the script will report         | `info`, `low`, `moderate`, `high`, `critical` | `critical` |
-| `-n`, `--no-fail`         | If true only prints warning messages and do not exit with not zero code | `boolean`                                     | `false`    |
-| `-p`, `--prod`            | If true only run audit for prod dependencies and skip dev ones          | `boolean`                                     | `false`    |
+| Option                    | Description                                                                                     | Type                                          | default    |
+| ------------------------- | ----------------------------------------------------------------------------------------------- | --------------------------------------------- | ---------- |
+| `-m`, `--package-manager` | The package manager you want to use. Keep in mind that both package managers report differently | `yarn`, `npm`                                 | `npm`      |
+| `-l`, `--audit-level`     | The severity of the vulnerabilities what the script will report                                 | `info`, `low`, `moderate`, `high`, `critical` | `critical` |
+| `-n`, `--no-fail`         | If true only prints warning messages and do not exit with not zero code                         | `boolean`                                     | `false`    |
+| `-p`, `--prod`            | If true only run audit for prod dependencies and skip dev ones                                  | `boolean`                                     | `false`    |
 
@@ -89,2 +89,29 @@ ##### Example usage
 
+#### updateReminder
+
+Prints a list of packages that have updates
+
+| Option                    | Description                                                                                     | Type          | default |
+| ------------------------- | ----------------------------------------------------------------------------------------------- | ------------- | ------- |
+| `-m`, `--package-manager` | The package manager you want to use. Keep in mind that both package managers report differently | `yarn`, `npm` | `npm`   |
+| `-f`, `--fail`            | If true it will exit with a non zero in case of updates                                         | `boolean`     | `false` |
+
+##### Example usage
+
+```bash
+npx hook-cli updateReminder
+```
+
+```bash
+npx hook-cli updateReminder - yarn
+```
+
+```bash
+npx hook-cli updateReminder -f
+```
+
+```bash
+npx hook-cli updateReminder - yarn -f
+```
+
 <!-- USEFUL -->
@@ -94,3 +121,3 @@
 
-- Print help page for command
+-   Print help page for command
 
@@ -101,8 +128,14 @@ ```bash
 
-- Test command during development
+-   Test command during development (Exit codes get not correctly forwarded)
 
 ```bash
-npm run hook-cli -- [command] --help
+npm run hook-cli -- [command]
 ```
 
+-   Test command during development with correct exi code
+
+```bash
+npx ts-node src/index.ts [command]
+```
+
 <!-- CONTRIBUTING -->
@@ -109,0 +142,0 @@

No alert changes

Improved metrics

Total package byte prevSize

66541

increased by30.6%

Number of package files

17

increased by54.55%

Lines of code

368

increased by76.08%

Number of lines in readme file

167

increased by24.63%

Worsened metrics

Dependency count

4

increased by33.33%

Dependency changes

• + Addedconsole-table-printer@^2.11.0

• + Addedconsole-table-printer@2.12.1(transitive)

• + Addedsimple-wcswidth@1.0.1(transitive)