@medic/audit-dependencies - npm Package Compare versions

Comparing version 0.0.3 to 1.0.0

package.json

 {
   "name": "@medic/audit-dependencies",
-  "version": "0.0.3",
+  "version": "1.0.0",
   "description": "Caches the results of npm audit so it only runs if the package-lock.json changes.",
@@ -9,3 +9,4 @@ "bin": {
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "mocha test/**/*.spec.js",
+    "eslint": "eslint src/**/*.js test/**/*.js"
   },
@@ -28,3 +29,9 @@ "repository": {
   },
-  "homepage": "https://github.com/medic/audit-dependencies#readme"
+  "homepage": "https://github.com/medic/audit-dependencies#readme",
+  "devDependencies": {
+    "chai": "^4.2.0",
+    "eslint": "^6.0.1",
+    "mocha": "^6.1.4",
+    "sinon": "^7.3.2"
+  }
 }

src/bin/audit.js

@@ -1,23 +0,14 @@
-const { spawn } = require('child_process');
-const { getCache, writeCache, getPackageLockHash } = require('../lib/utils');
+const utils = require('../lib/utils');
 
 const audit = callback => {
-  const npmAudit = spawn('npm', [ 'audit', '--json' ]);
-  let stdout = '';
-
-  npmAudit.stdout.on('data', data => {
-    stdout += data;
-  });
-
-  npmAudit.stderr.on('data', data => {
-    console.error(data.toString());
-  });
-
-  npmAudit.on('close', code => {
+  utils.npmAudit((err, output) => {
+    if (err) {
+      return callback(err);
+    }
     try {
-      callback(null, JSON.parse(stdout));
+      output = JSON.parse(output);
     } catch(e) {
       callback(new Error(`Error parsing output from 'npm audit'`));
     }
-    return;
+    callback(null, output);
   });
@@ -27,3 +18,3 @@ };
 const updateCache = (cache, callback) => {
-  getPackageLockHash((err, hash) => {
+  utils.getPackageLockHash((err, hash) => {
     if (err) {
@@ -33,3 +24,3 @@ return callback(err);
     cache.verified_hash = hash;
-    writeCache(cache, callback);
+    utils.writeCache(cache, callback);
   });
@@ -39,3 +30,3 @@ };
 const check = (audit, callback) => {
-  getCache((err, cache) => {
+  utils.getCache((err, cache) => {
     if (err) {
@@ -42,0 +33,0 @@ return callback(err);

src/bin/check.js

@@ -1,5 +0,5 @@
-const { getCache, getPackageLockHash } = require('../lib/utils');
+const utils = require('../lib/utils');
 
 const validatePackageLock = (cache, callback) => {
-  getPackageLockHash((err, current) => {
+  utils.getPackageLockHash((err, current) => {
     if (err) {
@@ -16,3 +16,3 @@ return callback(err);
 module.exports = callback => {
-  getCache((err, cache) => {
+  utils.getCache((err, cache) => {
     if (err) {
@@ -19,0 +19,0 @@ return callback(err);

src/lib/utils.js

@@ -1,11 +0,12 @@
-const { readFile, writeFile, ReadStream } = require('fs');
-const { join } = require('path');
-const { createHash } = require('crypto');
+const childProcess = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
 
 const CACHE_FILENAME = '.auditrc.json';
-const CACHE_FILE = join(process.cwd(), CACHE_FILENAME);
+const CACHE_FILE = path.join(process.cwd(), CACHE_FILENAME);
 const EMPTY_CACHE = { permitted: [] };
 
 const writeCache = (cache, callback) => {
-  writeFile(CACHE_FILE, JSON.stringify(cache, null, 2), callback);
+  fs.writeFile(CACHE_FILE, JSON.stringify(cache, null, 2), callback);
 };
@@ -24,4 +25,4 @@
   getPackageLockHash: callback => {
-    const md5sum = createHash('md5');
-    const stream = ReadStream('package-lock.json');
+    const md5sum = crypto.createHash('md5');
+    const stream = fs.ReadStream('package-lock.json');
     stream.on('data', d => md5sum.update(d));
@@ -31,3 +32,3 @@ stream.on('end', () => callback(null, md5sum.digest('hex')));
   getCache: callback => {
-    readFile(CACHE_FILE, { encoding: 'utf8' }, (err, data) => {
+    fs.readFile(CACHE_FILE, { encoding: 'utf8' }, (err, data) => {
       if (err) {
@@ -40,9 +41,23 @@ if (err.code === 'ENOENT') {
       try {
-        callback(null, JSON.parse(data));
+        data = JSON.parse(data);
       } catch(e) {
-        callback(new Error('Could not JSON parse .auditrc.json'));
+        return callback(new Error('Could not JSON parse .auditrc.json'));
       }
+      callback(null, data);
     });
   },
-  writeCache: writeCache
+  writeCache: writeCache,
+  npmAudit: callback => {
+    const npmAudit = childProcess.spawn('npm', [ 'audit', '--json' ]);
+    let stdout = '';
+    let stderr = '';
+    npmAudit.stdout.on('data', data => stdout += data);
+    npmAudit.stderr.on('data', data => stderr += data);
+    npmAudit.on('close', () => {
+      if (stderr) {
+        return callback(new Error(stderr));
+      }
+      callback(null, stdout);
+    });
+  }
 };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

21986

increased by352.11%

Number of package files

11

increased by83.33%

Lines of code

263

increased by65.41%

Number of low quality alerts

0

decreased by-100%

Number of medium quality alerts

1

decreased by-50%

Number of lines in readme file

11

increased byInfinity%

Worsened metrics

Dev dependency count

4

increased byInfinity%

Number of low supply chain risk alerts

3

increased by200%

No dependency changes