audit-ci - npm Package Compare versions
Comparing version 6.5.0 to 6.6.0
@@ -56,2 +56,4 @@ import Allowlist, { type AllowlistRecord } from "./allowlist"; | ||
| "skip-dev": boolean; | ||
| /** extra positional args for underlying audit command */ | ||
| "extra-args": string[]; | ||
| }; | ||
@@ -58,0 +60,0 @@ type ComplexConfig = Omit<AuditCiPreprocessedConfig, "allowlist" | "a" | "p" | "o" | "d" | "s" | "r" | "l" | "m" | "h" | "c"> & { |
@@ -48,2 +48,8 @@ "use strict"; | ||
| } | ||
| function mapExtraArgumentsInput(config) { | ||
| // These args will often be flags for another command, so we | ||
| // want to have some way of escaping args that start with a -. | ||
| // We'll look for and remove a single backslash at the start, if present. | ||
| return config["extra-args"].map((a) => a.replace(/^\\/, "")); | ||
| } | ||
| /** | ||
@@ -95,2 +101,3 @@ * @param pmArgument the package manager (including the `auto` option) | ||
| allowlist: allowlist, | ||
| "extra-args": mapExtraArgumentsInput(argv), | ||
| }; | ||
@@ -204,2 +211,7 @@ return result; | ||
| }, | ||
| "extra-args": { | ||
| default: [], | ||
| describe: "Pass additional arguments to the underlying audit command", | ||
| type: "array", | ||
| }, | ||
| }) | ||
@@ -206,0 +218,0 @@ .help("help"); |
@@ -11,3 +11,3 @@ "use strict"; | ||
| async function runNpmAudit(config) { | ||
| const { directory, registry, _npm, "skip-dev": skipDevelopmentDependencies, } = config; | ||
| const { directory, registry, _npm, "skip-dev": skipDevelopmentDependencies, "extra-args": extraArguments, } = config; | ||
| const npmExec = _npm || "npm"; | ||
@@ -29,2 +29,5 @@ let stdoutBuffer = {}; | ||
| } | ||
| if (extraArguments) { | ||
| arguments_.push(...extraArguments); | ||
| } | ||
| const options = { cwd: directory }; | ||
@@ -31,0 +34,0 @@ await (0, common_1.runProgram)(npmExec, arguments_, options, outListener, errorListener); |
@@ -37,3 +37,3 @@ "use strict"; | ||
| async function runPnpmAudit(config) { | ||
| const { directory, registry, _pnpm, "skip-dev": skipDevelopmentDependencies, } = config; | ||
| const { directory, registry, _pnpm, "skip-dev": skipDevelopmentDependencies, "extra-args": extraArguments, } = config; | ||
| const pnpmExec = _pnpm || "pnpm"; | ||
@@ -61,2 +61,5 @@ let stdoutBuffer = {}; | ||
| } | ||
| if (extraArguments) { | ||
| arguments_.push(...extraArguments); | ||
| } | ||
| const options = { cwd: directory }; | ||
@@ -63,0 +66,0 @@ await (0, common_1.runProgram)(pnpmExec, arguments_, options, outListener, errorListener); |
@@ -68,3 +68,3 @@ "use strict"; | ||
| async function audit(config, reporter = common_1.reportAudit) { | ||
| const { levels, registry, "report-type": reportType, "skip-dev": skipDevelopmentDependencies, "output-format": outputFormat, _yarn, directory, } = config; | ||
| const { levels, registry, "report-type": reportType, "skip-dev": skipDevelopmentDependencies, "output-format": outputFormat, _yarn, directory, "extra-args": extraArguments, } = config; | ||
| const yarnExec = _yarn || "yarn"; | ||
@@ -195,2 +195,5 @@ let missingLockFile = false; | ||
| } | ||
| if (extraArguments) { | ||
| arguments_.push(...extraArguments); | ||
| } | ||
| await (0, common_1.runProgram)(yarnExec, arguments_, options, outListener, errorListener); | ||
@@ -197,0 +200,0 @@ if (missingLockFile) { |
| { | ||
| "name": "audit-ci", | ||
| "version": "6.5.0", | ||
| "version": "6.6.0", | ||
| "description": "Audits NPM, Yarn, and PNPM projects in CI environments", | ||
@@ -64,14 +64,14 @@ "license": "Apache-2.0", | ||
| "@types/sinon": "^10.0.13", | ||
| "@types/yargs": "^17.0.18", | ||
| "@typescript-eslint/eslint-plugin": "^5.47.1", | ||
| "@typescript-eslint/parser": "^5.47.1", | ||
| "@types/yargs": "^17.0.19", | ||
| "@typescript-eslint/eslint-plugin": "^5.48.1", | ||
| "@typescript-eslint/parser": "^5.48.1", | ||
| "audit-types": "^0.5.3", | ||
| "c8": "^7.12.0", | ||
| "chai": "^4.3.7", | ||
| "eslint": "^8.30.0", | ||
| "eslint-config-prettier": "^8.5.0", | ||
| "eslint": "^8.31.0", | ||
| "eslint-config-prettier": "^8.6.0", | ||
| "eslint-plugin-import": "^2.26.0", | ||
| "eslint-plugin-unicorn": "^42.0.0", | ||
| "mocha": "^9.2.2", | ||
| "prettier": "^2.8.1", | ||
| "prettier": "^2.8.2", | ||
| "sinon": "^13.0.2", | ||
@@ -78,0 +78,0 @@ "ts-json-schema-generator": "^1.2.0", |
@@ -274,2 +274,3 @@ # audit-ci | ||
| | | --skip-dev | Skip auditing devDependencies (default `false`) | | ||
| | | --extra-args | Extra arguments to pass to the underlying audit command (default: `[]`) | | ||
@@ -389,2 +390,19 @@ ### Config file specification | ||
| ### Pass additional args to Yarn to exclude a certain package from audit | ||
| With a `JSONC` config file, in a project on Yarn v3.3.0 or later: | ||
| ```jsonc | ||
| { | ||
| "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json", | ||
| "extra-args": ["--exclude", "example"] | ||
| } | ||
| ``` | ||
| Or, with the CLI: | ||
| ```sh | ||
| npx audit-ci@^6 --extra-args '\--exclude' example | ||
| ``` | ||
| ### Example config file and different directory usage | ||
@@ -391,0 +409,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.42%
102643
- Lines of code
- increased by1.44%
1617
- Number of lines in readme file
- increased by3.81%
491