@soluto-asurion/kamus-cli - npm Package Compare versions

Comparing version 0.2.3 to 0.3.0

lib/actions/encrypt.js

@@ -6,3 +6,3 @@ const bluebird = require('bluebird');
 const fs = require('fs');
-const Confirm = require('prompt-confirm');
+const { Confirm } = require('enquirer');
 const request = require('request');
@@ -14,2 +14,3 @@ const { promisify } = require('util');
 const pjson = require('../../package.json');
+const urljoin = require('url-join');
 
@@ -19,3 +20,3 @@ const DEFAULT_ENCODING = 'utf8';
 module.exports = async (args, options, logger) => {
-
+    
     const { serviceAccount, namespace } = options;
@@ -27,2 +28,3 @@ logger.info('Encryption started...');
     try {
+        logger.debug('Validating Arguments');
         validateArguments(options);
@@ -35,5 +37,8 @@
         else {
+            logger.debug('Acquiring authentication token');
             token = await acquireToken(options, logger);
         }
-        const encryptedSecret = await encrypt(options, token);
+        logger.debug('Starting secret encryption');
+        const encryptedSecret = await encrypt(options, logger, token);
+        logger.debug('Secret encryption finished');
 
@@ -50,11 +55,15 @@ logger.info(`Successfully encrypted data to ${serviceAccount} service account in ${namespace} namespace`);
 
-const checkForNewlines = async (secret) => {
+const checkForNewlines = async (secret, logger) => {
     const eolIndex = secret.indexOf(os.EOL);
     
     if (eolIndex !== -1) {
-        const newlinesDetectedPrompt = new Confirm(`Secret contains newlines at index ${eolIndex}. Continue encrypting this secret?`);
+        const newlinesDetectedPrompt = new Confirm({
+            name: 'question',
+            message: `Secret contains newlines at index ${eolIndex}. Continue encrypting this secret?`
+        });
         const response = await newlinesDetectedPrompt.run();
         
         if (!response) {
-            throw new Error('Aborted secret encryption');
+            logger.info('Aborting - secrets contains newline');
+            process.exit(0);
         }
@@ -64,6 +73,15 @@ }
 
-const encrypt = async ({ secret, secretFile, serviceAccount, namespace, kamusUrl, certFingerprint, fileEncoding }, token = null) => {
-    // eslint-disable-next-line security/detect-non-literal-fs-filename
-    const data = secretFile ? fs.readFileSync(secretFile, { encoding: fileEncoding || DEFAULT_ENCODING }) : secret;
-    await checkForNewlines(data);
+const encrypt = async ({ secret, secretFile, serviceAccount, namespace, kamusUrl, certFingerprint, fileEncoding }, logger, token = null) => {
+    let data;
+    if (secretFile) {
+        logger.debug(`Reading secret file ${secretFile}`);
+        // eslint-disable-next-line security/detect-non-literal-fs-filename
+        data = fs.readFileSync(secretFile, { encoding: fileEncoding || DEFAULT_ENCODING });
+    } else {
+        data = secret;
+    }
+
+    await checkForNewlines(data, logger);
+    
+    logger.debug(`starting request to encrypt api at ${kamusUrl}`);
     const response = await performEncryptRequestAsync(data, serviceAccount, namespace, kamusUrl, certFingerprint, token);
@@ -73,2 +91,3 @@ if (response && response.statusCode >= 300) {
     }
+    logger.debug('Request to encrypt api finished successfully');
     return response.body;
@@ -110,3 +129,3 @@ };
     if (isDocker()) {
-        logger.info(`Login to https://microsoft.com/devicelogin Enter this code to authenticate: ${userCodeResult.userCode}`);
+        logger.info(`Open "https://microsoft.com/devicelogin" in browser and login to Azure with the following code: ${userCodeResult.userCode}`);
     } else {
@@ -139,3 +158,3 @@ opn(userCodeResult.verificationUrl);
     const options = {
-        url: url.resolve(kamusUrl, '/api/v1/encrypt'),
+        url: urljoin(kamusUrl, '/api/v1/encrypt'),
         headers,
@@ -172,2 +191,3 @@ // Certificate validation
     if (outputFile) {
+        logger.debug(`Starting to write encrypted data to ${outputFile}`);
         // eslint-disable-next-line security/detect-non-literal-fs-filename
@@ -183,2 +203,2 @@ fs.writeFileSync(outputFile, encryptedSecret, {
     }
-};
+};

lib/index.js

@@ -8,10 +8,14 @@ #!/usr/bin/env node
 
-const { ColorfulChalkLogger, DEBUG } = require('colorful-chalk-logger');
- 
+const { ColorfulChalkLogger, INFO } = require('colorful-chalk-logger');
+
+const isVerboseLogging = (args) => args.indexOf('--verbose') > -1 || args.indexOf('-v') > -1;
+
 const logger = new ColorfulChalkLogger('kamus-cli', {
-  level: DEBUG,   // the default value is INFO
-  date: false,    // the default value is false.
-  colorful: true, // the default value is true.
-}, process.argv);
+  level: INFO,
+  date: false,
+  colorful: true, 
+}, isVerboseLogging(process.argv) ? process.argv.concat(['--log-level', 'debug']) : process.argv); // translate to ColorfulChalkLogger log level
 
+process.argv = process.argv.filter(x => x != '--verbose' && x != '-v' ); // ColorfulChalkLogger got the verbose, don't pass it to caporal
+
 prog
@@ -35,3 +39,2 @@ .logger(logger)
   .option('-O, --overwrite', 'Overwrites file if it already exists', prog.BOOL)
-  .option('--log-level <debug|verbose|info|warn|error|fatal>', 'log level', prog.STRING)
   .option('--log-flag <date|inline|colorful|no-date|no-inline|no-colorful>', 'log format', prog.STRING)
@@ -38,0 +41,0 @@ .option('--log-output <filepath>', 'output log to file', prog.STRING)

package.json

 {
   "name": "@soluto-asurion/kamus-cli",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "description": "CLI Tool to encrypt secrets for kamus",
@@ -8,3 +8,5 @@ "main": "index.js",
     "test": "node_modules/.bin/mocha ./test/*.spec.js --exit",
-    "eslint": "eslint . --ignore-pattern node_modules/"
+    "eslint": "eslint . --ignore-pattern node_modules/",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
@@ -31,21 +33,23 @@ "repository": {
   "dependencies": {
-    "adal-node": "^0.1.28",
+    "adal-node": "^0.2.0",
     "bluebird": "^3.5.3",
     "caporal": "^1.1.0",
-    "colorful-chalk-logger": "^0.3.2",
+    "colorful-chalk-logger": "^0.4.0",
+    "enquirer": "^2.3.0",
     "node-fetch": "^2.3.0",
     "opn": "^5.4.0",
-    "prompt-confirm": "^2.0.4",
-    "request": "^2.88.0"
+    "request": "^2.88.0",
+    "snyk": "^1.198.0",
+    "url-join": "^4.0.1"
   },
   "devDependencies": {
-    "chai": "^4.2.0",
-    "eslint": "^5.12.0",
-    "eslint-plugin-security": "^1.4.0",
-    "husky": "^1.3.1",
-    "lint-staged": "^8.1.0",
-    "mocha": "^5.2.0",
-    "mock-fs": "^4.7.0",
-    "nock": "^10.0.5",
-    "sinon": "^7.2.2"
+    "chai": "4.2.0",
+    "eslint": "6.5.1",
+    "eslint-plugin-security": "1.4.0",
+    "husky": "3.0.8",
+    "lint-staged": "9.4.1",
+    "mocha": "6.2.1",
+    "mock-fs": "4.10.1",
+    "nock": "11.3.5",
+    "sinon": "7.5.0"
   },
@@ -69,3 +73,4 @@ "files": [
     }
-  }
+  },
+  "snyk": true
 }

Fixed alerts

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

195950

increased by22.6%

Lines of code

223

increased by9.85%

Number of medium maintenance alerts

0

decreased by-100%

Worsened metrics

Dependency count

10

increased by25%

Dependency changes

• + Addedenquirer@^2.3.0

• + Addedsnyk@^1.198.0

• + Addedurl-join@^4.0.1

• + Added@sentry-internal/tracing@7.120.3(transitive)

• + Added@sentry/core@7.120.3(transitive)

• + Added@sentry/integrations@7.120.3(transitive)

• + Added@sentry/node@7.120.3(transitive)

• + Added@sentry/types@7.120.3(transitive)

• + Added@sentry/utils@7.120.3(transitive)

• + Added@xmldom/xmldom@0.8.10(transitive)

• + Addedadal-node@0.2.4(transitive)

• + Addedansi-colors@4.1.3(transitive)

• + Addedansi-regex@5.0.1(transitive)

• + Addedaxios@0.21.4(transitive)

• + Addedboolean@3.2.0(transitive)

• + Addedcolorful-chalk-logger@0.4.2(transitive)

• + Addeddefine-data-property@1.1.4(transitive)

• + Addeddefine-properties@1.2.1(transitive)

• + Addeddetect-node@2.1.0(transitive)

• + Addedenquirer@2.4.1(transitive)

• + Addedes-define-property@1.0.1(transitive)

• + Addedes-errors@1.3.0(transitive)

• + Addedes6-error@4.1.1(transitive)

• + Addedescape-string-regexp@4.0.0(transitive)

• + Addedfollow-redirects@1.15.9(transitive)

• + Addedglobal-agent@3.0.0(transitive)

• + Addedglobalthis@1.0.4(transitive)

• + Addedgopd@1.2.0(transitive)

• + Addedhas-property-descriptors@1.0.2(transitive)

• + Addedimmediate@3.0.6(transitive)

• + Addedlie@3.1.1(transitive)

• + Addedlocalforage@1.10.0(transitive)

• + Addedmatcher@3.0.0(transitive)

• + Addedobject-keys@1.1.1(transitive)

• + Addedroarr@2.15.4(transitive)

• + Addedsemver@7.7.1(transitive)

• + Addedsemver-compare@1.0.0(transitive)

• + Addedserialize-error@7.0.1(transitive)

• + Addedsnyk@1.1295.3(transitive)

• + Addedsprintf-js@1.1.3(transitive)

• + Addedstrip-ansi@6.0.1(transitive)

• + Addedtype-fest@0.13.1(transitive)

• + Addedurl-join@4.0.1(transitive)

• - Removedprompt-confirm@^2.0.4

• - Removed@types/node@8.10.66(transitive)

• - Removedadal-node@0.1.28(transitive)

• - Removedansi-bgblack@0.1.1(transitive)

• - Removedansi-bgblue@0.1.1(transitive)

• - Removedansi-bgcyan@0.1.1(transitive)

• - Removedansi-bggreen@0.1.1(transitive)

• - Removedansi-bgmagenta@0.1.1(transitive)

• - Removedansi-bgred@0.1.1(transitive)

• - Removedansi-bgwhite@0.1.1(transitive)

• - Removedansi-bgyellow@0.1.1(transitive)

• - Removedansi-black@0.1.1(transitive)

• - Removedansi-blue@0.1.1(transitive)

• - Removedansi-bold@0.1.1(transitive)

• - Removedansi-colors@0.2.0(transitive)

• - Removedansi-cyan@0.1.1(transitive)

• - Removedansi-dim@0.1.1(transitive)

• - Removedansi-gray@0.1.1(transitive)

• - Removedansi-green@0.1.1(transitive)

• - Removedansi-grey@0.1.1(transitive)

• - Removedansi-hidden@0.1.1(transitive)

• - Removedansi-inverse@0.1.1(transitive)

• - Removedansi-italic@0.1.1(transitive)

• - Removedansi-magenta@0.1.1(transitive)

• - Removedansi-red@0.1.1(transitive)

• - Removedansi-reset@0.1.1(transitive)

• - Removedansi-strikethrough@0.1.1(transitive)

• - Removedansi-underline@0.1.1(transitive)

• - Removedansi-white@0.1.1(transitive)

• - Removedansi-wrap@0.1.0(transitive)

• - Removedansi-yellow@0.1.1(transitive)

• - Removedarr-flatten@1.1.0(transitive)

• - Removedarr-swap@1.0.1(transitive)

• - Removedasync@3.2.6(transitive)

• - Removedchoices-separator@2.0.0(transitive)

• - Removedclone-deep@1.0.04.0.1(transitive)

• - Removedcollection-visit@1.0.0(transitive)

• - Removedcolorful-chalk-logger@0.3.2(transitive)

• - Removedcomponent-emitter@1.3.1(transitive)

• - Removedcopy-descriptor@0.1.1(transitive)

• - Removeddebug@3.2.7(transitive)

• - Removeddefine-property@0.2.51.0.02.0.2(transitive)

• - Removederror-symbol@0.1.0(transitive)

• - Removedextend-shallow@2.0.1(transitive)

• - Removedfor-in@0.1.81.0.2(transitive)

• - Removedfor-own@1.0.0(transitive)

• - Removedfunction-bind@1.1.2(transitive)

• - Removedhasown@2.0.2(transitive)

• - Removedinfo-symbol@0.1.0(transitive)

• - Removedis-accessor-descriptor@1.0.1(transitive)

• - Removedis-buffer@1.1.6(transitive)

• - Removedis-data-descriptor@1.0.1(transitive)

• - Removedis-descriptor@0.1.71.0.3(transitive)

• - Removedis-extendable@0.1.1(transitive)

• - Removedis-number@3.0.06.0.0(transitive)

• - Removedis-plain-object@2.0.4(transitive)

• - Removedis-windows@1.0.2(transitive)

• - Removedisobject@3.0.1(transitive)

• - Removedkind-of@3.2.25.1.06.0.3(transitive)

• - Removedkoalas@1.0.2(transitive)

• - Removedlazy-cache@2.0.2(transitive)

• - Removedlog-ok@0.1.1(transitive)

• - Removedlog-utils@0.2.1(transitive)

• - Removedmap-visit@1.0.0(transitive)

• - Removedmixin-object@2.0.1(transitive)

• - Removedms@2.1.3(transitive)

• - Removedmute-stream@0.0.7(transitive)

• - Removedobject-copy@0.1.0(transitive)

• - Removedobject-visit@1.0.1(transitive)

• - Removedpointer-symbol@1.0.0(transitive)

• - Removedprompt-actions@3.0.2(transitive)

• - Removedprompt-base@4.1.0(transitive)

• - Removedprompt-choices@4.1.0(transitive)

• - Removedprompt-confirm@2.0.4(transitive)

• - Removedprompt-question@5.0.2(transitive)

• - Removedradio-symbol@2.0.0(transitive)

• - Removedreadline-ui@2.2.3(transitive)

• - Removedreadline-utils@2.2.3(transitive)

• - Removedset-getter@0.1.1(transitive)

• - Removedset-value@3.0.3(transitive)

• - Removedshallow-clone@1.0.03.0.1(transitive)

• - Removedstatic-extend@0.1.2(transitive)

• - Removedstrip-color@0.1.0(transitive)

• - Removedsuccess-symbol@0.1.0(transitive)

• - Removedterminal-paginator@2.0.2(transitive)

• - Removedtime-stamp@1.1.0(transitive)

• - Removedto-object-path@0.3.0(transitive)

• - Removedtoggle-array@1.0.1(transitive)

• - Removedwarning-symbol@0.1.0(transitive)

• - Removedwindow-size@1.1.1(transitive)

• - Removedxmldom@0.6.0(transitive)

• Updatedadal-node@^0.2.0

• Updatedcolorful-chalk-logger@^0.4.0