
npm-audit-report


npm-audit-report - npm Package Compare versions

Comparing version 2.1.5 to 3.0.0

2

lib/colors.js

@@ -22,4 +22,4 @@ const chalk = require('chalk')

white,
severity
severity,
}
}

@@ -8,3 +8,3 @@ // return 1 if any vulns in the set are at or above the specified severity

'critical',
'none'
'none',
]).map(s => s.reverse()))

@@ -11,0 +11,0 @@

@@ -7,3 +7,3 @@ 'use strict'

json: require('./reporters/json'),
quiet: require('./reporters/quiet')
quiet: require('./reporters/quiet'),
}

@@ -24,3 +24,3 @@

if (!data)
if (!data) {
throw Object.assign(

@@ -30,13 +30,15 @@ new TypeError('ENOAUDITDATA'),

code: 'ENOAUDITDATA',
message: 'missing audit data'
message: 'missing audit data',
}
)
}
if (typeof data.toJSON === 'function')
if (typeof data.toJSON === 'function') {
data = data.toJSON()
}
return {
report: reporters[reporter](data, { color, unicode, indent }),
exitCode: exitCode(data, auditLevel)
exitCode: exitCode(data, auditLevel),
}
}, { reporters })

@@ -9,3 +9,3 @@ 'use strict'

const none = data.metadata.vulnerabilities.total === 0
return none ? summary : fullReport(data, {color, summary})
return none ? summary : fullReport(data, { color, summary })
}

@@ -18,6 +18,7 @@

const printed = new Set()
for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
for (const [, vuln] of Object.entries(data.vulnerabilities)) {
// only print starting from the top-level advisories
if (vuln.via.filter(v => typeof v !== 'string').length !== 0)
output.push(printVuln(vuln, c, data.vulnerabilities))
if (vuln.via.filter(v => typeof v !== 'string').length !== 0) {
output.push(printVuln(vuln, c, data.vulnerabilities, printed))
}
}

@@ -30,5 +31,6 @@

const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') => {
if (printed.has(vuln))
const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
if (printed.has(vuln)) {
return null
}

@@ -65,3 +67,3 @@ printed.add(vuln)

`, which is ${fa.isSemVerMajor ? 'a breaking change' :
'outside the stated dependency range' }`
'outside the stated dependency range'}`
)

@@ -77,6 +79,6 @@ }

for (const effect of vuln.effects) {
const vuln = vulnerabilities[effect]
const e = printVuln(vuln, c, vulnerabilities, printed, ' ')
if (e)
const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, ' ')
if (e) {
output.push(...e.split('\n'))
}
}

@@ -83,0 +85,0 @@
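Review bot: In the top-level loop of the `@@ -18,6 +18,7 @@` hunk, `output.push(printVuln(vuln, c, data.vulnerabilities, printed))` pushes the return value unchecked, yet with one `printed` set now shared across iterations printVuln can return `null` for a vuln that was already printed as an effect of an earlier advisory. The effects loop in the `@@ -77,6 +79,6 @@` hunk guards the same call with `if (e) {`, and the top-level call should do likewise: `const out = printVuln(vuln, c, data.vulnerabilities, printed)` followed by `if (out) { output.push(out) }`. How `output` is consumed lies outside the visible hunks, so the effect is presumably a stray empty entry in the rendered audit report rather than a crash. Dropping the `printed = new Set()` default also makes that argument mandatory ahead of the optional `indent = ''`; a one-line comment on printVuln stating that `printed` is a caller-owned Set which the function mutates via `printed.add(vuln)` would document the new contract.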

@@ -6,3 +6,3 @@ const colors = require('../colors.js')

const output = []
const { metadata: { vulnerabilities }} = data
const { metadata: { vulnerabilities } } = data
const vulnCount = vulnerabilities.total

@@ -18,3 +18,3 @@

} else {
for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
for (const [, vuln] of Object.entries(data.vulnerabilities)) {
const { fixAvailable } = vuln

@@ -50,3 +50,3 @@ someFixable = someFixable || fixAvailable === true

(someForceFixable || someUnfixable ? 'issues that do not require attention'
: 'all issues') + ', run:\n npm audit fix')
: 'all issues') + ', run:\n npm audit fix')
}

@@ -72,3 +72,3 @@

report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
: summary
: summary,
}

@@ -78,3 +78,3 @@ }

module.exports = Object.assign((data, opt) => calculate(data, opt).report, {
summary: (data, opt) => calculate(data, opt).summary
summary: (data, opt) => calculate(data, opt).summary,
})
{
"name": "npm-audit-report",
"version": "2.1.5",
"version": "3.0.0",
"description": "Given a response from the npm security api, render it into a variety of security reports",

@@ -11,3 +11,8 @@ "main": "lib/index.js",

"postversion": "npm publish",
"prepublishOnly": "git push origin --follow-tags"
"prepublishOnly": "git push origin --follow-tags",
"lint": "eslint \"**/*.js\"",
"postlint": "template-oss-check",
"template-oss-apply": "template-oss-apply --force",
"lintfix": "npm run lint -- --fix",
"posttest": "npm run lint"
},

@@ -24,3 +29,3 @@ "tap": {

],
"author": "Adam Baldwin",
"author": "GitHub Inc.",
"license": "ISC",

@@ -31,4 +36,6 @@ "dependencies": {

"devDependencies": {
"@npmcli/eslint-config": "^3.0.1",
"@npmcli/template-oss": "3.1.2",
"require-inject": "^1.4.4",
"tap": "^14.10.7"
"tap": "^16.0.0"
},

@@ -41,3 +48,3 @@ "directories": {

"type": "git",
"url": "git+https://github.com/npm/npm-audit-report.git"
"url": "https://github.com/npm/npm-audit-report.git"
},

@@ -49,9 +56,13 @@ "bugs": {

"files": [
"index.js",
"lib",
"bin/",
"lib/",
"reporters"
],
"engines": {
"node": ">=10"
"node": "^12.13.0 || ^14.15.0 || >=16.0.0"
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "3.1.2"
}
}

@@ -49,3 +49,3 @@ # npm audit security report

Version 2 of this module expects to recieve an instance (or serialized JSON
Version 2 of this module expects to receive an instance (or serialized JSON
version of) the `AuditReport` class from Arborist, which is returned by

@@ -52,0 +52,0 @@ `arborist.audit()` and stored on the instance as `arborist.auditReport`.
