gulp-nsp - npm Package Compare versions
Comparing version 2.4.2 to 3.0.0
@@ -9,5 +9,5 @@ 'use strict'; | ||
| GulpNSP({ | ||
| shrinkwrap: __dirname + '/npm-shrinkwrap.json', | ||
| packagelock: __dirname + '/package-lock.json', | ||
| package: __dirname + '/package.json' | ||
| }, cb); | ||
| }); |
119
index.js
| 'use strict'; | ||
| var GulpUtil = require('gulp-util'); | ||
| var Nsp = require('nsp'); | ||
| var Preprocessor = require('nsp/lib/preprocessor'); | ||
| var Reporter = require('nsp/reporters'); | ||
| var PluginError = require('plugin-error'); | ||
| var Log = require('fancy-log'); | ||
| var PLUGIN_NAME = require('./package.json').name; | ||
| var Os = require('os'); | ||
| var Fs = require('fs'); | ||
| var Path = require('path'); | ||
| var internals = {}; | ||
| internals.wrapReporter = function (name, fn, ...args) { | ||
| var output = ''; | ||
| return new Promise((resolve, reject) => { | ||
| try { | ||
| return resolve(fn(...args, { | ||
| log: function (...segments) { | ||
| output += segments.join(' ') + '\n'; | ||
| }, | ||
| error: function (...segments) { | ||
| output += segments.join(' ') + '\n'; | ||
| } | ||
| })); | ||
| } | ||
| catch (err) { | ||
| return reject(err); | ||
| } | ||
| }).catch((err) => { | ||
| output += `Error in reporter: ${name}\n`; | ||
| output += err.stack + '\n'; | ||
| }).then(() => { | ||
| return output; | ||
| }); | ||
| }; | ||
| var rsGulp = function (params, callback) { | ||
| var payload = {}; | ||
| var formatter = Nsp.formatters.default; | ||
| var payload = Nsp.sanitizeParameters(params); | ||
| var reporter = Reporter.load(payload.reporter); | ||
| if (params.package) { | ||
| payload.package = params.package; | ||
| } | ||
| return Promise.resolve().then(() => { | ||
| if (params.shrinkwrap) { | ||
| payload.shrinkwrap = params.shrinkwrap; | ||
| } | ||
| const preprocessor = Preprocessor.load(payload.preprocessor); | ||
| return preprocessor.hasOwnProperty('check') ? preprocessor.check(payload) : Promise.resolve(payload); | ||
| }).then((args) => { | ||
| // Enable builds behind the HTTP_PROXY | ||
| if (params.proxy) { | ||
| payload.proxy = params.proxy; | ||
| } | ||
| return Nsp.check(args); | ||
| }).then((result) => { | ||
| if (params.output) { | ||
| if (Nsp.formatters.hasOwnProperty(params.output)) { | ||
| formatter = Nsp.formatters[params.output]; | ||
| var maxCvss; | ||
| if (payload.filter || | ||
| payload.threshold) { | ||
| maxCvss = Math.max(...result.data.map((item) => item.cvss_score)); | ||
| } | ||
| else { | ||
| GulpUtil.log('Invalid formatter specified in options. Must be one of ' + Object.keys(Nsp.formatters).join(', ') + '\nUsing default formatter'); | ||
| if (payload.filter && | ||
| result.data.length) { | ||
| result.data = result.data.filter((item) => item.cvss_score > args.filter); | ||
| } | ||
| } | ||
| Nsp.check(payload, function (err, data) { | ||
| var buildReport; | ||
| if (reporter.hasOwnProperty('check') && | ||
| reporter.check.hasOwnProperty('success')) { | ||
| var output = formatter(err, data); | ||
| var pluginErr = new GulpUtil.PluginError(PLUGIN_NAME, output); | ||
| buildReport = internals.wrapReporter(payload.reporter, reporter.check.success, result, payload); | ||
| } | ||
| else { | ||
| buildReport = internals.wrapReporter(payload.reporter, reporter.success, result, payload); | ||
| } | ||
| if (err) { | ||
| if (params.stopOnError === false) { | ||
| GulpUtil.log(output); | ||
| return buildReport.then((output) => { | ||
| if (params.stopOnError === false || result.data && result.data.length === 0) { | ||
| Log(output.trim()); | ||
| return callback(); | ||
| } | ||
| return callback(pluginErr); | ||
| } | ||
| if (params.stopOnError === false || data && data.length === 0) { | ||
| GulpUtil.log(output); | ||
| return callback(); | ||
| if (result.data.length > 0) { | ||
| var pluginErr = new PluginError(PLUGIN_NAME, output); | ||
| return callback(pluginErr); | ||
| } | ||
| }) | ||
| }).catch((err) => { | ||
| var buildReport; | ||
| if (reporter.hasOwnProperty('check') && | ||
| reporter.check.hasOwnProperty('error')) { | ||
| buildReport = internals.wrapReporter(payload.reporter, reporter.check.error, err, payload); | ||
| } | ||
| else { | ||
| buildReport = internals.wrapReporter(payload.reporter, reporter.error, err, payload); | ||
| } | ||
| if (data.length > 0) { | ||
| return buildReport.then((output) => { | ||
| var pluginErr = new PluginError(PLUGIN_NAME, output); | ||
| return callback(pluginErr); | ||
| } | ||
| }) | ||
| }); | ||
| }; | ||
| module.exports = rsGulp; |
| { | ||
| "name": "gulp-nsp", | ||
| "version": "2.4.2", | ||
| "version": "3.0.0", | ||
| "description": "A gulp module that runs Node Security check", | ||
@@ -8,3 +8,2 @@ "main": "index.js", | ||
| "lint": "eslint .", | ||
| "shrinkwrap": "npm shrinkwrap && shrinkydink", | ||
| "test": "gulp nsp" | ||
@@ -29,4 +28,5 @@ }, | ||
| "dependencies": { | ||
| "gulp-util": "^3.0.6", | ||
| "nsp": "^2.0.0" | ||
| "fancy-log": "^1.3.2", | ||
| "nsp": "^3.2.0", | ||
| "plugin-error": "^1.0.1" | ||
| }, | ||
@@ -37,6 +37,5 @@ "devDependencies": { | ||
| "eslint-plugin-hapi": "^1.2.2", | ||
| "gulp": "^3.9.0", | ||
| "shrinkydink": "^1.0.0" | ||
| "gulp": "^3.9.0" | ||
| }, | ||
| "license": "Apache-2.0" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
NPM Shrinkwrap
Supply chain riskPackage contains a shrinkwrap file. This may allow the package to bypass normal install procedures.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-20%
4
- Number of high supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-79.99%
8305
- Dependency count
- increased by50%
3
- Number of package files
- decreased by-20%
8
- Lines of code
- decreased by-91.07%
95
- Number of low supply chain risk alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedfancy-log@^1.3.2
+ Addedplugin-error@^1.0.1
+ Addedagent-base@4.3.0(transitive)
+ Addedansi-colors@1.1.0(transitive)
+ Addedansi-escapes@3.2.0(transitive)
+ Addedansi-regex@3.0.1(transitive)
+ Addedansi-styles@3.2.1(transitive)
+ Addedarr-diff@4.0.0(transitive)
+ Addedarr-union@3.1.0(transitive)
+ Addedassign-symbols@1.0.0(transitive)
+ Addedboom@5.3.3(transitive)
+ Addedcamelcase@4.1.0(transitive)
+ Addedchalk@2.4.2(transitive)
+ Addedchardet@0.4.2(transitive)
+ Addedcli-cursor@2.1.0(transitive)
+ Addedcli-table2@0.2.0(transitive)
+ Addedcli-width@2.2.1(transitive)
+ Addedcliui@3.2.0(transitive)
+ Addedcode-point-at@1.1.0(transitive)
+ Addedcolor-convert@1.9.3(transitive)
+ Addedcolor-name@1.1.3(transitive)
+ Addedcolors@1.4.0(transitive)
+ Addedcross-spawn@5.1.0(transitive)
+ Addeddebug@3.2.7(transitive)
+ Addeddecamelize@1.2.0(transitive)
+ Addederror-ex@1.3.2(transitive)
+ Addedes6-promise@4.2.8(transitive)
+ Addedes6-promisify@5.0.0(transitive)
+ Addedexeca@0.7.0(transitive)
+ Addedextend-shallow@3.0.2(transitive)
+ Addedexternal-editor@2.2.0(transitive)
+ Addedfigures@2.0.0(transitive)
+ Addedfind-up@2.1.0(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-caller-file@1.0.3(transitive)
+ Addedget-stream@3.0.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedhas-flag@3.0.0(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhoek@4.3.1(transitive)
+ Addedhosted-git-info@2.8.9(transitive)
+ Addedhttps-proxy-agent@2.2.4(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedinquirer@3.3.0(transitive)
+ Addedinvert-kv@1.0.0(transitive)
+ Addedis-arrayish@0.2.1(transitive)
+ Addedis-core-module@2.16.1(transitive)
+ Addedis-extendable@1.0.1(transitive)
+ Addedis-fullwidth-code-point@1.0.02.0.0(transitive)
+ Addedis-plain-object@2.0.4(transitive)
+ Addedis-stream@1.1.0(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedisobject@3.0.1(transitive)
+ Addedlcid@1.0.0(transitive)
+ Addedload-json-file@2.0.0(transitive)
+ Addedlocate-path@2.0.0(transitive)
+ Addedlodash@3.10.14.17.21(transitive)
+ Addedlru-cache@4.1.5(transitive)
+ Addedmem@1.1.0(transitive)
+ Addedmimic-fn@1.2.0(transitive)
+ Addedmute-stream@0.0.7(transitive)
+ Addednodesecurity-npm-utils@6.0.0(transitive)
+ Addednormalize-package-data@2.5.0(transitive)
+ Addednpm-run-path@2.0.2(transitive)
+ Addednsp@3.2.1(transitive)
+ Addednumber-is-nan@1.0.1(transitive)
+ Addedonetime@2.0.1(transitive)
+ Addedos-locale@2.1.0(transitive)
+ Addedos-tmpdir@1.0.2(transitive)
+ Addedp-finally@1.0.0(transitive)
+ Addedp-limit@1.3.0(transitive)
+ Addedp-locate@2.0.0(transitive)
+ Addedp-try@1.0.0(transitive)
+ Addedparse-json@2.2.0(transitive)
+ Addedpath-exists@3.0.0(transitive)
+ Addedpath-key@2.0.1(transitive)
+ Addedpath-parse@1.0.7(transitive)
+ Addedpath-type@2.0.0(transitive)
+ Addedpify@2.3.0(transitive)
+ Addedplugin-error@1.0.1(transitive)
+ Addedpseudomap@1.0.2(transitive)
+ Addedread-pkg@2.0.0(transitive)
+ Addedread-pkg-up@2.0.0(transitive)
+ Addedrequire-directory@2.1.1(transitive)
+ Addedrequire-main-filename@1.0.1(transitive)
+ Addedresolve@1.22.10(transitive)
+ Addedrestore-cursor@2.0.0(transitive)
+ Addedrun-async@2.4.1(transitive)
+ Addedrx-lite@4.0.8(transitive)
+ Addedrx-lite-aggregates@4.0.8(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedset-blocking@2.0.0(transitive)
+ Addedshebang-command@1.2.0(transitive)
+ Addedshebang-regex@1.0.0(transitive)
+ Addedsignal-exit@3.0.7(transitive)
+ Addedspdx-correct@3.2.0(transitive)
+ Addedspdx-exceptions@2.5.0(transitive)
+ Addedspdx-expression-parse@3.0.1(transitive)
+ Addedspdx-license-ids@3.0.20(transitive)
+ Addedstring-width@1.0.22.1.1(transitive)
+ Addedstrip-ansi@4.0.0(transitive)
+ Addedstrip-bom@3.0.0(transitive)
+ Addedstrip-eof@1.0.0(transitive)
+ Addedsupports-color@5.5.0(transitive)
+ Addedsupports-preserve-symlinks-flag@1.0.0(transitive)
+ Addedthrough@2.3.8(transitive)
+ Addedtmp@0.0.33(transitive)
+ Addedvalidate-npm-package-license@3.0.4(transitive)
+ Addedwhich@1.3.1(transitive)
+ Addedwhich-module@2.0.1(transitive)
+ Addedwrap-ansi@2.1.0(transitive)
+ Addedwreck@12.6.2(transitive)
+ Addedy18n@3.2.2(transitive)
+ Addedyallist@2.1.2(transitive)
+ Addedyargs@9.0.1(transitive)
+ Addedyargs-parser@7.0.0(transitive)
- Removedgulp-util@^3.0.6
- Removedagent-base@2.1.1(transitive)
- Removedansi-styles@2.2.1(transitive)
- Removedarray-differ@1.0.0(transitive)
- Removedarray-uniq@1.0.3(transitive)
- Removedbeeper@1.1.1(transitive)
- Removedboom@2.10.1(transitive)
- Removedchalk@1.1.3(transitive)
- Removedcli-table@0.3.11(transitive)
- Removedcliclopts@1.1.1(transitive)
- Removedclone@1.0.4(transitive)
- Removedclone-stats@0.0.1(transitive)
- Removedcolors@1.0.3(transitive)
- Removedcore-util-is@1.0.3(transitive)
- Removeddateformat@2.2.0(transitive)
- Removeddebug@2.6.94.4.0(transitive)
- Removeddeep-extend@0.6.0(transitive)
- Removedduplexer2@0.0.2(transitive)
- Removedextend@3.0.2(transitive)
- Removedglogg@1.0.2(transitive)
- Removedgulp-util@3.0.8(transitive)
- Removedgulplog@1.0.0(transitive)
- Removedhas-ansi@2.0.0(transitive)
- Removedhas-gulplog@0.1.0(transitive)
- Removedhoek@2.16.3(transitive)
- Removedhttps-proxy-agent@1.0.0(transitive)
- Removedinherits@2.0.4(transitive)
- Removedini@1.3.8(transitive)
- Removedisarray@0.0.11.0.0(transitive)
- Removedisemail@1.2.0(transitive)
- Removedjoi@6.10.1(transitive)
- Removedlodash._basecopy@3.0.1(transitive)
- Removedlodash._basetostring@3.0.1(transitive)
- Removedlodash._basevalues@3.0.0(transitive)
- Removedlodash._getnative@3.9.1(transitive)
- Removedlodash._isiterateecall@3.0.9(transitive)
- Removedlodash._reescape@3.0.0(transitive)
- Removedlodash._reevaluate@3.0.0(transitive)
- Removedlodash._reinterpolate@3.0.0(transitive)
- Removedlodash._root@3.0.1(transitive)
- Removedlodash.escape@3.2.0(transitive)
- Removedlodash.isarguments@3.1.0(transitive)
- Removedlodash.isarray@3.0.4(transitive)
- Removedlodash.keys@3.1.2(transitive)
- Removedlodash.restparam@3.6.1(transitive)
- Removedlodash.template@3.6.2(transitive)
- Removedlodash.templatesettings@3.1.1(transitive)
- Removedminimist@1.2.8(transitive)
- Removedmoment@2.30.1(transitive)
- Removedms@2.0.0(transitive)
- Removedmultipipe@0.1.2(transitive)
- Removednodesecurity-npm-utils@5.0.0(transitive)
- Removednsp@2.8.1(transitive)
- Removedobject-assign@3.0.0(transitive)
- Removedpath-is-absolute@1.0.1(transitive)
- Removedprocess-nextick-args@2.0.1(transitive)
- Removedrc@1.2.8(transitive)
- Removedreadable-stream@1.1.142.3.8(transitive)
- Removedreplace-ext@0.0.1(transitive)
- Removedsafe-buffer@5.1.2(transitive)
- Removedsemver@5.0.3(transitive)
- Removedsparkles@1.0.1(transitive)
- Removedstring_decoder@0.10.311.1.1(transitive)
- Removedstrip-json-comments@2.0.1(transitive)
- Removedsubcommand@2.1.1(transitive)
- Removedsupports-color@2.0.0(transitive)
- Removedthrough2@2.0.5(transitive)
- Removedtopo@1.1.0(transitive)
- Removedutil-deprecate@1.0.2(transitive)
- Removedvinyl@0.5.3(transitive)
- Removedwreck@6.3.0(transitive)
- Removedxtend@4.0.2(transitive)
Updatednsp@^3.2.0