better-npm-audit - npm Package Compare versions

Comparing version 1.10.1 to 1.11.0

4

CHANGELOG.md

@@ -0,1 +1,5 @@

## 1.11.0 (June 11, 2021)
* Added environment variable support `process.env.NPM_CONFIG_AUDIT_LEVEL` to set the audit level
## 1.10.1 (June 7, 2021)

@@ -2,0 +6,0 @@

9

index.js

@@ -7,2 +7,3 @@ #!/usr/bin/env node

const get = require('lodash.get');
const program = require('commander');

@@ -151,5 +152,7 @@ const { exec } = require('child_process');

}
if (options && options.level) {
console.info(`[level: ${options.level}]`);
auditLevel = mapLevelToNumber(options.level);
// Taking the audit level from the command or environment variable
const level = get(options, 'level', process.env.NPM_CONFIG_AUDIT_LEVEL);
if (level) {
console.info(`[level: ${level}]`);
auditLevel = mapLevelToNumber(level);
}

@@ -156,0 +159,0 @@ if (options && options.production) {
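Review bot: The value read from `NPM_CONFIG_AUDIT_LEVEL` in `const level = get(options, 'level', process.env.NPM_CONFIG_AUDIT_LEVEL);` is passed straight to `mapLevelToNumber` with no validation, so a mistyped environment value (say `NPM_CONFIG_AUDIT_LEVEL=hgih`) is handled by whatever `mapLevelToNumber` does with an unknown string, which is not visible in this hunk; if that yields `undefined` or `NaN`, the effective audit threshold would silently differ from what the operator intended, and an environment variable is a much easier place for that to go unnoticed than a CLI flag. A fail-fast guard such as `if (level && mapLevelToNumber(level) === undefined) throw new Error(\`Unknown audit level: ${level}\`);` (adapted to whatever `mapLevelToNumber` actually returns for bad input) would make the misconfiguration loud. Separately, `lodash.get` is newly required at `const get = require('lodash.get');` but the package.json section on this page shows only the version bump, so either it was already a declared dependency or the code is relying on hoisting — worth confirming, since the whole job of this tool is dependency hygiene and the same fallback is expressible without a new package as `const level = (options && options.level) || process.env.NPM_CONFIG_AUDIT_LEVEL;`. The enclosing function starts and ends outside this hunk.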

{
"name": "better-npm-audit",
"version": "1.10.1",
"version": "1.11.0",
"author": "Jee Mok <jee.ict@hotmail.com>",

@@ -5,0 +5,0 @@ "description": "Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.",

@@ -50,2 +50,18 @@ # Better NPM Audit

## Options
| Flag | Short | Description |
| ----------------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| `--level` | `-l` | Same as the original `--audit-level` flag |
| `--production` | `-p` | Skip checking `devDependencies` |
| `--ignore` | `-i` | For skipping certain advisories |
| `--full` | `-f` | Display full audit report. There is a character limit set to the audit report to prevent overwhelming details to the console. |
| `--display-notes` | `-d` | Display the reasons of matched exceptions from `.nsprc` file. |
## Environment Variables
| Variable | Description |
| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------- |
| `process.env.NPM_CONFIG_AUDIT_LEVEL` | Used in setting the audit level. <br /> *Note: this will be disregard if the audit level flag is passed onto the command.* |
## Using `.nsprc` file to manage exceptions

@@ -71,12 +87,2 @@

## Options
| Flag | Short | Description |
| ----------------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| `--level` | `-l` | Same as the original `--audit-level` flag |
| `--production` | `-p` | Skip checking `devDependencies` |
| `--ignore` | `-i` | For skipping certain advisories |
| `--full` | `-f` | Display full audit report. There is a character limit set to the audit report to prevent overwhelming details to the console. |
| `--display-notes` | `-d` | Display the reasons of matched exceptions from `.nsprc` file. |
---

@@ -83,0 +89,0 @@

@@ -182,3 +182,3 @@ const sinon = require('sinon');

it('should be able to handle severity level from user input correctly', () => {
it('should be able to handle audit level from the command correctly', () => {
const stub = sinon.stub();

@@ -227,5 +227,48 @@ const consoleStub = sinon.stub(console, 'info');

it('should be able to handle production flag from user input correctly', () => {
it('should be able to use audit level from the environment variables correctly', () => {
const stub = sinon.stub();
const consoleStub = sinon.stub(console, 'info');
const options = {};
const auditCommand = BASE_COMMAND;
const fullLog = false;
const exceptionIds = [];
// info
process.env.NPM_CONFIG_AUDIT_LEVEL = 'info';
handleUserInput(options, stub);
expect(stub.calledWith(auditCommand, 0, fullLog, exceptionIds)).to.equal(true);
expect(consoleStub.calledWith('[level: info]')).to.equal(true);
// low
process.env.NPM_CONFIG_AUDIT_LEVEL = 'low';
handleUserInput(options, stub);
expect(stub.calledWith(auditCommand, 1, fullLog, exceptionIds)).to.equal(true);
expect(consoleStub.calledWith('[level: low]')).to.equal(true);
// moderate
process.env.NPM_CONFIG_AUDIT_LEVEL = 'moderate';
handleUserInput(options, stub);
expect(stub.calledWith(auditCommand, 2, fullLog, exceptionIds)).to.equal(true);
expect(consoleStub.calledWith('[level: moderate]')).to.equal(true);
// high
process.env.NPM_CONFIG_AUDIT_LEVEL = 'high';
handleUserInput(options, stub);
expect(stub.calledWith(auditCommand, 3, fullLog, exceptionIds)).to.equal(true);
expect(consoleStub.calledWith('[level: high]')).to.equal(true);
// critical
process.env.NPM_CONFIG_AUDIT_LEVEL = 'critical';
handleUserInput(options, stub);
expect(stub.calledWith(auditCommand, 4, fullLog, exceptionIds)).to.equal(true);
expect(consoleStub.calledWith('[level: critical]')).to.equal(true);
// Clean up
consoleStub.restore();
process.env.NPM_CONFIG_AUDIT_LEVEL = undefined;
});
it('should be able to handle production flag from the command correctly', () => {
const stub = sinon.stub();
const consoleStub = sinon.stub(console, 'info');
const options = {

@@ -249,3 +292,3 @@ production: true,

it('should be able to handle full logs flag from user input correctly', () => {
it('should be able to handle full logs flag from the command correctly', () => {
const stub = sinon.stub();

@@ -271,3 +314,3 @@ const consoleStub = sinon.stub(console, 'info');

it('should be able to handle empty user input correctly', () => {
it('should be able to handle default command correctly', () => {
const stub = sinon.stub();

@@ -274,0 +317,0 @@ const options = {};
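Review bot: The cleanup line `process.env.NPM_CONFIG_AUDIT_LEVEL = undefined;` in the new environment-variable test does not unset the variable — Node stores `process.env` values as strings, so it becomes the literal string `"undefined"` and stays set for every later test in the file, including the "default command" test below, where `get(options, 'level', process.env.NPM_CONFIG_AUDIT_LEVEL)` would now see a level; use `delete process.env.NPM_CONFIG_AUDIT_LEVEL;` instead. Because the cleanup also sits after the assertions, a failing `expect` skips it (and `consoleStub.restore()`), leaking the stub and the variable into the rest of the suite; moving both into a `try { … } finally { … }` or an `afterEach` hook would make the test hermetic. The README added in this version states that the flag takes precedence over the environment variable, but no test here sets both `options.level` and `NPM_CONFIG_AUDIT_LEVEL` together, so that documented behaviour is untested. The enclosing `describe` block starts and ends outside this section.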
