Comparing version 6.5.0 to 6.6.0
@@ -56,2 +56,4 @@ import Allowlist, { type AllowlistRecord } from "./allowlist"; | ||
"skip-dev": boolean; | ||
/** extra positional args for underlying audit command */ | ||
"extra-args": string[]; | ||
}; | ||
@@ -58,0 +60,0 @@ type ComplexConfig = Omit<AuditCiPreprocessedConfig, "allowlist" | "a" | "p" | "o" | "d" | "s" | "r" | "l" | "m" | "h" | "c"> & { |
@@ -48,2 +48,8 @@ "use strict"; | ||
} | ||
function mapExtraArgumentsInput(config) { | ||
// These args will often be flags for another command, so we | ||
// want to have some way of escaping args that start with a -. | ||
// We'll look for and remove a single backslash at the start, if present. | ||
return config["extra-args"].map((a) => a.replace(/^\\/, "")); | ||
} | ||
/** | ||
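Review bot: `mapExtraArgumentsInput` calls `.map` and `.replace` without checking its input, so a missing `extra-args` key or a non-string element throws a TypeError before any audit runs. yargs can coerce a numeric-looking array element to a number unless the option is also declared as a string, and a config file can supply any JSON type, so both paths can reach `a.replace`. A defensive form is `return (config["extra-args"] || []).map((a) => String(a).replace(/^\\/, ""));`. The comment could also state that only one leading backslash is stripped, so a value that really starts with a backslash has to be written with two.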
@@ -95,2 +101,3 @@ * @param pmArgument the package manager (including the `auto` option) | ||
allowlist: allowlist, | ||
"extra-args": mapExtraArgumentsInput(argv), | ||
}; | ||
@@ -204,2 +211,7 @@ return result; | ||
}, | ||
"extra-args": { | ||
default: [], | ||
describe: "Pass additional arguments to the underlying audit command", | ||
type: "array", | ||
}, | ||
}) | ||
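Review bot: The `describe` text omits the leading-backslash escape that `mapExtraArgumentsInput` implements, so `--help` gives no hint on how to pass a value that starts with `-`. Suggested wording: `describe: "Pass additional arguments to the underlying audit command; prefix a value that starts with '-' with a backslash",`. Saying here that the values are forwarded unmodified would also tell operators that this option can change what the audit checks. The options object this entry belongs to starts outside the hunk.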
@@ -206,0 +218,0 @@ .help("help"); |
@@ -11,3 +11,3 @@ "use strict"; | ||
async function runNpmAudit(config) { | ||
const { directory, registry, _npm, "skip-dev": skipDevelopmentDependencies, } = config; | ||
const { directory, registry, _npm, "skip-dev": skipDevelopmentDependencies, "extra-args": extraArguments, } = config; | ||
const npmExec = _npm || "npm"; | ||
@@ -29,2 +29,5 @@ let stdoutBuffer = {}; | ||
} | ||
if (extraArguments) { | ||
arguments_.push(...extraArguments); | ||
} | ||
const options = { cwd: directory }; | ||
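Review bot: The extra arguments are appended after the flags audit-ci builds itself and nothing in this hunk restricts them, so an entry can presumably override or contradict audit-ci's own options, such as the registry or output format, and change what the CI gate reports. Because `extra-args` can come from a committed config file, an edit to that file could weaken the audit without touching the pipeline definition. Consider logging the final argument list and rejecting entries that collide with flags set above, and at minimum add `// extra-args are forwarded verbatim and may override the flags built above`. `runProgram` and the start of `runNpmAudit` are outside the hunk, so confirm the program is spawned without a shell so that each entry stays a single argv item. The same point applies to the identical insertions in `runPnpmAudit` and in the Yarn `audit` function.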
@@ -31,0 +34,0 @@ await (0, common_1.runProgram)(npmExec, arguments_, options, outListener, errorListener); |
@@ -37,3 +37,3 @@ "use strict"; | ||
async function runPnpmAudit(config) { | ||
const { directory, registry, _pnpm, "skip-dev": skipDevelopmentDependencies, } = config; | ||
const { directory, registry, _pnpm, "skip-dev": skipDevelopmentDependencies, "extra-args": extraArguments, } = config; | ||
const pnpmExec = _pnpm || "pnpm"; | ||
@@ -61,2 +61,5 @@ let stdoutBuffer = {}; | ||
} | ||
if (extraArguments) { | ||
arguments_.push(...extraArguments); | ||
} | ||
const options = { cwd: directory }; | ||
@@ -63,0 +66,0 @@ await (0, common_1.runProgram)(pnpmExec, arguments_, options, outListener, errorListener); |
@@ -68,3 +68,3 @@ "use strict"; | ||
async function audit(config, reporter = common_1.reportAudit) { | ||
const { levels, registry, "report-type": reportType, "skip-dev": skipDevelopmentDependencies, "output-format": outputFormat, _yarn, directory, } = config; | ||
const { levels, registry, "report-type": reportType, "skip-dev": skipDevelopmentDependencies, "output-format": outputFormat, _yarn, directory, "extra-args": extraArguments, } = config; | ||
const yarnExec = _yarn || "yarn"; | ||
@@ -195,2 +195,5 @@ let missingLockFile = false; | ||
} | ||
if (extraArguments) { | ||
arguments_.push(...extraArguments); | ||
} | ||
await (0, common_1.runProgram)(yarnExec, arguments_, options, outListener, errorListener); | ||
@@ -197,0 +200,0 @@ if (missingLockFile) { |
{ | ||
"name": "audit-ci", | ||
"version": "6.5.0", | ||
"version": "6.6.0", | ||
"description": "Audits NPM, Yarn, and PNPM projects in CI environments", | ||
@@ -64,14 +64,14 @@ "license": "Apache-2.0", | ||
"@types/sinon": "^10.0.13", | ||
"@types/yargs": "^17.0.18", | ||
"@typescript-eslint/eslint-plugin": "^5.47.1", | ||
"@typescript-eslint/parser": "^5.47.1", | ||
"@types/yargs": "^17.0.19", | ||
"@typescript-eslint/eslint-plugin": "^5.48.1", | ||
"@typescript-eslint/parser": "^5.48.1", | ||
"audit-types": "^0.5.3", | ||
"c8": "^7.12.0", | ||
"chai": "^4.3.7", | ||
"eslint": "^8.30.0", | ||
"eslint-config-prettier": "^8.5.0", | ||
"eslint": "^8.31.0", | ||
"eslint-config-prettier": "^8.6.0", | ||
"eslint-plugin-import": "^2.26.0", | ||
"eslint-plugin-unicorn": "^42.0.0", | ||
"mocha": "^9.2.2", | ||
"prettier": "^2.8.1", | ||
"prettier": "^2.8.2", | ||
"sinon": "^13.0.2", | ||
@@ -78,0 +78,0 @@ "ts-json-schema-generator": "^1.2.0", |
@@ -274,2 +274,3 @@ # audit-ci | ||
| | --skip-dev | Skip auditing devDependencies (default `false`) | | ||
| | --extra-args | Extra arguments to pass to the underlying audit command (default: `[]`) | | ||
@@ -389,2 +390,19 @@ ### Config file specification | ||
### Pass additional args to Yarn to exclude a certain package from audit | ||
With a `JSONC` config file, in a project on Yarn v3.3.0 or later: | ||
```jsonc | ||
{ | ||
"$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json", | ||
"extra-args": ["--exclude", "example"] | ||
} | ||
``` | ||
Or, with the CLI: | ||
```sh | ||
npx audit-ci@^6 --extra-args '\--exclude' example | ||
``` | ||
### Example config file and different directory usage | ||
@@ -391,0 +409,0 @@ |