New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
better-npm-audit
Advanced tools
better-npm-audit - npm Package Compare versions
Comparing version 1.9.3 to 1.10.0
@@ -0,1 +1,6 @@ | ||
| ## 1.10.0 (June 7, 2021) | ||
| * Updated `--full` flag logging from `[full log mode enabled]` to `[report display limit disabled]` | ||
| * [Added new flag `--display-notes` to display reasons for the exceptions](https://github.com/jeemok/better-npm-audit/issues/32) | ||
| ## 1.9.3 (June 6, 2021) | ||
@@ -5,3 +10,3 @@ | ||
| * Added CHANGELOG.md | ||
| * Updated README.md | ||
| * [Added CHANGELOG.md](https://github.com/jeemok/better-npm-audit/issues/31) | ||
| * Updated `README.md` |
21
index.js
@@ -129,7 +129,9 @@ #!/usr/bin/env node | ||
| // Try to use `.nsprc` file if it exists | ||
| // Check `.nsprc` file for exceptions | ||
| const fileException = readFile(EXCEPTION_FILE_PATH); | ||
| const filteredExceptions = filterValidException(fileException); | ||
| if (fileException) { | ||
| exceptionIds = filterValidException(fileException); | ||
| exceptionIds = filteredExceptions.map(details => details.id); | ||
| } | ||
| // Check also if any exception IDs passed via command flags | ||
| if (options && options.ignore) { | ||
@@ -142,2 +144,6 @@ const cmdExceptions = options.ignore.split(SEPARATOR).filter(isWholeNumber).map(Number); | ||
| } | ||
| if (options && options.displayNotes && filteredExceptions.length) { | ||
| console.info('Exceptions notes:'); | ||
| filteredExceptions.forEach(({ id, reason }) => console.info(`${id}: ${reason || 'n/a'}`)); | ||
| } | ||
| if (options && options.level) { | ||
@@ -152,3 +158,3 @@ console.info(`[level: ${options.level}]`); | ||
| if (options && options.full) { | ||
| console.info('[full log mode enabled]'); | ||
| console.info('[report display limit disabled]'); | ||
| displayFullLog = true; | ||
@@ -165,6 +171,7 @@ } | ||
| .description('execute npm audit') | ||
| .option('-i, --ignore <ids>', 'Vulnerabilities ID(s) to ignore') | ||
| .option('-f, --full', `Display the full audit logs. Default to ${DEFAULT_MESSSAGE_LIMIT} characters.`) | ||
| .option('-l, --level <auditLevel>', 'The minimum audit level to include') | ||
| .option('-p, --production', 'Skip checking devDependencies') | ||
| .option('-i, --ignore <ids>', 'Vulnerabilities ID(s) to ignore.') | ||
| .option('-f, --full', `Display complete audit report. Limit to ${DEFAULT_MESSSAGE_LIMIT} characters by default.`) | ||
| .option('-l, --level <auditLevel>', 'The minimum audit level to validate.') | ||
| .option('-p, --production', 'Skip checking devDependencies.') | ||
| .option('-d, --display-notes', 'Display exception notes.') | ||
| .action(userOptions => handleUserInput(userOptions, audit)); | ||
@@ -171,0 +178,0 @@ |
| { | ||
| "name": "better-npm-audit", | ||
| "version": "1.9.3", | ||
| "version": "1.10.0", | ||
| "author": "Jee Mok <jee.ict@hotmail.com>", | ||
@@ -5,0 +5,0 @@ "description": "Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.", |
@@ -91,6 +91,18 @@ const sinon = require('sinon'); | ||
| '980': 'Ignored since we dont use xxx method', | ||
| '5': '', | ||
| '3': null, | ||
| '2': undefined, | ||
| '1': false, | ||
| 'invalid': 'Ignored since we dont use xxx method', | ||
| }; | ||
| const expected = [ | ||
| { id: 1, reason: undefined }, | ||
| { id: 2, reason: undefined }, | ||
| { id: 3, reason: undefined }, | ||
| { id: 5, reason: undefined }, | ||
| { id: 137, ignore: true, reason: 'Ignored since we dont use xxx method' }, | ||
| { id: 980, reason: 'Ignored since we dont use xxx method' }, | ||
| ]; | ||
| expect(filterValidException(exceptions)).to.deep.equal([137, 980]); | ||
| expect(filterValidException(exceptions)).to.deep.equal(expected); | ||
| }); | ||
@@ -117,3 +129,5 @@ | ||
| expect(filterValidException(exceptions)).to.deep.equal([980]); | ||
| expect(filterValidException(exceptions)).to.deep.equal([ | ||
| { id: 980, ignore: true, expiry: 1615462150000 }, | ||
| ]); | ||
@@ -123,3 +137,6 @@ clock.restore(); | ||
| expect(filterValidException(exceptions)).to.deep.equal([581, 980]); | ||
| expect(filterValidException(exceptions)).to.deep.equal([ | ||
| { id: 581, ignore: true, expiry: 1615462140000 }, | ||
| { id: 980, ignore: true, expiry: 1615462150000 }, | ||
| ]); | ||
@@ -131,3 +148,3 @@ clock.restore(); | ||
| describe('event handlers', () => { | ||
| it('should be able to pass exceptions from input correctly', () => { | ||
| it('should be able to pass exceptions from the command correctly', () => { | ||
| const stub = sinon.stub(); | ||
@@ -250,3 +267,3 @@ const options = { | ||
| expect(stub.calledWith(auditCommand, auditLevel, fullLog, exceptionIds)).to.equal(true); | ||
| expect(consoleStub.calledWith('[full log mode enabled]')).to.equal(true); | ||
| expect(consoleStub.calledWith('[report display limit disabled]')).to.equal(true); | ||
@@ -253,0 +270,0 @@ consoleStub.restore(); |
@@ -79,4 +79,4 @@ const get = require('lodash.get'); | ||
| // if the details is not an config object, we will accept this ID | ||
| if (typeof details !== 'object') { | ||
| return acc.concat(numberId); | ||
| if (!details || typeof details !== 'object') { | ||
| return acc.concat(Object.assign({}, { id: numberId, reason: details || undefined })); | ||
| } | ||
@@ -91,3 +91,3 @@ // `ignore` flag has to be true | ||
| if (details.expiry > new Date(Date.now()).getTime()) { | ||
| return acc.concat(numberId); | ||
| return acc.concat(Object.assign({}, { id: numberId }, details)); | ||
| } | ||
@@ -98,3 +98,3 @@ // else it is expired, so don't accept it | ||
| // Accept the ID | ||
| return acc.concat(numberId); | ||
| return acc.concat(Object.assign({}, { id: numberId }, details)); | ||
| }, []); | ||
@@ -101,0 +101,0 @@ } |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.67%
242389
- Lines of code
- increased by0.78%
3107
No dependency changes