audit-app - npm Package Compare versions

Comparing version 0.5.2 to 0.5.3

14

CHANGELOG.md

@@ -1,3 +0,13 @@

# [Unreleased](https://github.com/G-Rath/audit-app/compare/v0.5.2...HEAD) (YYYY-MM-DD)
# [Unreleased](https://github.com/G-Rath/audit-app/compare/v0.5.3...HEAD) (YYYY-MM-DD)
# [0.5.3](https://github.com/G-Rath/audit-app/compare/v0.5.2...v0.5.3) (2021-06-11)
### Bug fixes
- improve grammar of "missing ignored vulnerabilities" message ([#11][])
- make it more obvious that the "missing ignored vulnerabilities" message is an
error rather than a warning ([#11][])
- support dependencies with multiple vulnerabilities when using `npm` v7
([#10][])
# [0.5.2](https://github.com/G-Rath/audit-app/compare/v0.5.1...v0.5.2) (2021-02-24)

@@ -87,2 +97,4 @@

[#11]: https://github.com/G-Rath/audit-app/pull/11
[#10]: https://github.com/G-Rath/audit-app/pull/10
[191652d8]: https://github.com/G-Rath/audit-app/commit/191652d8

@@ -89,0 +101,0 @@ [70ced7f9]: https://github.com/G-Rath/audit-app/commit/70ced7f9

97

lib/audit.js

@@ -21,10 +21,2 @@ "use strict";

});
const tryOrCall = (fn, er) => (...args) => {
try {
fn(...args);
}
catch (error) {
er(error);
}
};
const npm7AdvisoryToFinding = (advisory) => ({

@@ -50,15 +42,13 @@ id: advisory.source,

const results = { findings: {}, dependencyStatistics: {} };
return new Promise((resolve, reject) => {
stdout.on('error', reject);
stdout.on('data', tryOrCall(line => {
const parsedLine = JSON.parse(line);
if (parsedLine.type === 'auditSummary') {
results.dependencyStatistics = extractDependencyStatistics(parsedLine.data);
}
if (parsedLine.type === 'auditAdvisory') {
results.findings[parsedLine.data.advisory.id.toString()] = npm6AdvisoryToFinding(parsedLine.data.advisory);
}
}, reject));
stdout.on('end', () => resolve(results));
});
for await (const line of stdout) {
const parsedLine = JSON.parse(line.toString());
if (parsedLine.type === 'auditSummary') {
results.dependencyStatistics = extractDependencyStatistics(parsedLine.data);
}
if (parsedLine.type === 'auditAdvisory') {
results.findings[parsedLine.data.advisory.id.toString()] =
npm6AdvisoryToFinding(parsedLine.data.advisory);
}
}
return results;
};

@@ -70,33 +60,40 @@ const toMapOfFindings = (findings) => {

};
/**
* Finds all the advisories that are included with the given record of
* `vulnerabilities` provided by the audit output of `npm` v7.
*
* @param {Record<string, Npm7Vulnerability>} vulnerabilities
*
* @return {Array<Npm7Advisory>}
*/
const findAdvisories = (vulnerabilities) => {
return Object.values(vulnerabilities)
.reduce((all, { via }) => all.concat(via), [])
.filter((via) => typeof via === 'object');
};
const collectNpmAuditResults = async (stdout) => {
let json = '';
return new Promise((resolve, reject) => {
stdout.on('error', reject);
stdout.on('data', tryOrCall(line => (json += line), reject));
stdout.on('end', tryOrCall(() => {
if (json.trim().startsWith('ERROR')) {
console.log(json);
throw new Error(json);
}
const auditOutput = JSON.parse(json);
if ('error' in auditOutput) {
const errorMessage = `${auditOutput.error.code}: ${auditOutput.error.summary}`;
console.log(errorMessage);
throw new Error(errorMessage);
}
if ('auditReportVersion' in auditOutput) {
resolve({
findings: toMapOfFindings(Object.values(auditOutput.vulnerabilities)
.filter((vul) => vul.via.length === 1 && typeof vul.via[0] === 'object')
.map(vul => npm7AdvisoryToFinding(vul.via[0]))),
dependencyStatistics: extractDependencyStatisticsFromNpm7(auditOutput.metadata)
});
return;
}
resolve({
findings: toMapOfFindings(Object.values(auditOutput.advisories).map(npm6AdvisoryToFinding)),
dependencyStatistics: extractDependencyStatistics(auditOutput.metadata)
});
}, reject));
});
for await (const line of stdout) {
json += line;
}
if (json.trim().startsWith('ERROR')) {
console.log(json);
throw new Error(json);
}
const auditOutput = JSON.parse(json);
if ('error' in auditOutput) {
const errorMessage = `${auditOutput.error.code}: ${auditOutput.error.summary}`;
console.log(errorMessage);
throw new Error(errorMessage);
}
if ('auditReportVersion' in auditOutput) {
return {
findings: toMapOfFindings(findAdvisories(auditOutput.vulnerabilities).map(via => npm7AdvisoryToFinding(via))),
dependencyStatistics: extractDependencyStatisticsFromNpm7(auditOutput.metadata)
};
}
return {
findings: toMapOfFindings(Object.values(auditOutput.advisories).map(npm6AdvisoryToFinding)),
dependencyStatistics: extractDependencyStatistics(auditOutput.metadata)
};
};

@@ -103,0 +100,0 @@ const audit = async (dir, packageManager) => {
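Review bot: `findAdvisories` (hunk @@ -70,33 +60,40 @@) keeps a `via` entry whenever `typeof via === 'object'`, which is also true for `null`, so a null entry would reach `npm7AdvisoryToFinding(via)` and throw on the first property access; npm v7's `via` entries are expected to be strings or advisory objects, so this is defensive, but `.filter((via) => via !== null && typeof via === 'object')` costs nothing. The `reduce`/`concat` flatten reads more simply as `Object.values(vulnerabilities).flatMap(({ via }) => via)`, provided the supported Node range includes `Array.prototype.flatMap` (the `@types/node` ^14 devDependency suggests it does, but the `engines` field is not visible here). Both new `for await` loops assume `stdout` yields one complete JSON document per chunk (the npm v6 path calls `JSON.parse(line.toString())` on each), which only holds if the caller pipes the process output through a line splitter; a JSDoc `@param {AsyncIterable<Buffer|string>} stdout - line-delimited audit output` on `collectNpmAuditResults` would record that contract. The npm v6 loop's enclosing function starts outside hunk @@ -50,15 +42,13 @@.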

@@ -96,3 +96,6 @@ "use strict";

]).join('\n');
const getHighestSeverity = (severities) => { var _a; return (_a = Object.keys(severityColors).reverse().find(severity => severities[severity] > 0)) !== null && _a !== void 0 ? _a : 'info'; };
const getHighestSeverity = (severities) => {
var _a;
return (_a = Object.keys(severityColors).reverse().find(severity => severities[severity] > 0)) !== null && _a !== void 0 ? _a : 'info';
};
const compareFindings = (a, b) => a.name.localeCompare(b.name) ||

@@ -120,5 +123,6 @@ Severities.indexOf(b.severity) - Severities.indexOf(a.severity);

if (missing) {
const grammar = missing === 1 ? 'vulnerability that was' : 'vulnerabilities that were';
lines.push([''], [
'',
`missing ${missing} vulnerabilities that were expected to have to ignored`
`error: missing ${missing} ${grammar} expected to have to ignore`
]);

@@ -125,0 +129,0 @@ }

{
"name": "audit-app",
"version": "0.5.2",
"version": "0.5.3",
"description": "A cli tool for auditing apps & packages using their respective package managers.",

@@ -55,30 +55,30 @@ "keywords": [

"devDependencies": {
"@jest/types": "^26.6.2",
"@types/eslint": "^7.2.6",
"@types/jest": "^26.0.20",
"@types/node": "^14.14.25",
"@jest/types": "^27.0.2",
"@types/eslint": "^7.2.13",
"@types/jest": "^26.0.23",
"@types/node": "^14.17.3",
"@types/readline-transform": "^1.0.0",
"@types/wrap-ansi": "^3.0.0",
"@types/yargs": "^16.0.0",
"@typescript-eslint/eslint-plugin": "^4.15.0",
"@typescript-eslint/parser": "^4.15.0",
"@types/yargs": "^16.0.3",
"@typescript-eslint/eslint-plugin": "^4.26.1",
"@typescript-eslint/parser": "^4.26.1",
"ajv": "^7.1.0",
"eslint": "^7.19.0",
"eslint-config-ackama": "^2.0.1",
"eslint": "^7.28.0",
"eslint-config-ackama": "^2.1.2",
"eslint-plugin-eslint-comments": "^3.2.0",
"eslint-plugin-import": "^2.22.1",
"eslint-plugin-jest": "^24.1.3",
"eslint-plugin-jest-formatting": "^2.0.1",
"eslint-plugin-import": "^2.23.4",
"eslint-plugin-jest": "^24.3.6",
"eslint-plugin-jest-formatting": "^3.0.0",
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-prettier": "^3.3.1",
"jest": "^26.6.3",
"eslint-plugin-prettier": "^3.4.0",
"jest": "^27.0.4",
"memfs": "^3.2.0",
"prettier": "^2.2.1",
"prettier": "^2.3.1",
"prettier-config-ackama": "^0.1.2",
"ts-jest": "^26.5.1",
"ts-jest": "^27.0.3",
"ts-node": "^9.1.1",
"ttypescript": "^1.5.12",
"typescript": "^4.1.5",
"typescript": "^4.3.2",
"unionfs": "^4.4.0"
}
}