snyk-to-html - npm Package Compare versions

Comparing version 1.2.4 to 1.3.0

lib/snyk-to-html.js

@@ -7,2 +7,3 @@ #!/usr/bin/env node
 var moment = require('moment');
+var path = require('path');
 var severityMap = {low: 0, medium: 1, high: 2};
@@ -40,8 +41,50 @@
 
+function compileTemplate(fileName) {
+  const templ = fs.readFileSync(fileName, 'utf8');
+  return Handlebars.compile(templ);
+}
+
 function generateTemplate(data, template) {
   data.vulnerabilities = groupVulns(data.vulnerabilities);
-  var htmlTemplate = fs.readFileSync(template, 'utf8');
-  return Handlebars.compile(htmlTemplate)(data);
+  const cssFile = path.join(
+    path.dirname(template),
+    'test-report.inline-css.hbs'
+    );
+  Handlebars.registerPartial('inline-css', compileTemplate(cssFile));
+  const htmlTemplate = compileTemplate(template);
+  return htmlTemplate(data);
 }
 
+function mergeData(dataArray) {
+  const vulnsArrays = dataArray.map(d => d.vulnerabilities);
+  const aggregateVulnerabilities = [].concat.apply([], vulnsArrays);
+
+  const totalUniqueCount =
+    dataArray.reduce((acc, item) => acc + item.uniqueCount, 0);
+  function fnPathCount(obj) {
+    // sample: "85 vulnerable dependency paths"
+    const matchResult = (obj.summary || '0').match(/\d+/);
+    return matchResult ? parseInt(matchResult.pop()) : 0;
+  }
+  const totalPathCount =
+    dataArray.reduce((acc,item) => acc + fnPathCount(item), 0);
+  const totalDepCount =
+    dataArray.reduce((acc, item) => acc + item.dependencyCount, 0);
+
+  const paths = dataArray.map(d => d.path);
+
+  return {
+    vulnerabilities: aggregateVulnerabilities,
+    uniqueCount: totalUniqueCount,
+    summary: totalPathCount + ' vulnerable dependency paths',
+    dependencyCount: totalDepCount,
+    paths,
+  };
+}
+
+function processData(data, template) {
+  const mergedData = Array.isArray(data) ? mergeData(data) : data;
+  return generateTemplate(mergedData, template);
+}
+
 function onDataCallback(data, template, reportCallback) {
@@ -54,3 +97,3 @@ try {
   }
-  var report = generateTemplate(data, template);
+  const report = processData(data, template);
   reportCallback(report);
@@ -72,3 +115,3 @@ }
   process.stdin.on('readable', function () {
-    var chunk = process.stdin.read();
+    const chunk = process.stdin.read();
     if (chunk !== null) {
@@ -75,0 +118,0 @@ data += chunk;

package.json

@@ -11,4 +11,3 @@ {
     "snyk-protect": "snyk protect",
-    "prepublish": "npm run snyk-protect",
-    "semantic-release": "semantic-release pre && npm publish && semantic-release post"
+    "prepublish": "npm run snyk-protect"
   },
@@ -20,5 +19,5 @@ "author": "",
     "marked": "^0.3.6",
+    "minimist": "^1.2.0",
     "moment": "^2.18.1",
-    "snyk": "^1.52.0",
-    "minimist": "^1.2.0"
+    "snyk": "^1.97.0"
   },
@@ -31,3 +30,2 @@ "bin": {
     "jscs": "^3.0.7",
-    "semantic-release": "^6.3.6",
     "tap": "^10.3.2",
@@ -40,3 +38,3 @@ "tap-only": "0.0.5"
   },
-  "version": "1.2.4"
-}
+  "version": "1.3.0"
+}

test/snyk-to-html.test.js

@@ -16,2 +16,15 @@ var test = require('tap-only');
 
+test('multi-report test', function (t) {
+  t.plan(5);
+  snykToHtml.run(
+    __dirname + '/fixtures/multi-test-report.json',
+    __dirname + '/../template/test-report.hbs',
+    function (report) {
+      t.contains(report, '<div class="meta-count"><span>139 vulnerable dependency paths</span></div>');
+      t.contains(report, '<h2 class="card__title">Access Restriction Bypass</h2>');
+      t.contains(report, '<h2 class="card__title">Regular Expression Denial of Service (ReDoS)<\/h2>');
+      t.contains(report, '<h2 class="card__title">Cross-site Scripting (XSS)</h2>');
+      t.contains(report, '<h2 class="card__title">Regular Expression Denial of Service (DoS)</h2>');
+    });
+});
 
@@ -18,0 +31,0 @@ test('empty values test (description and info)', function (t) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1063517

increased by190.14%

Dev dependency count

3

decreased by-25%

Number of package files

17

increased by13.33%

Lines of code

17991

increased by212.78%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• Updatedsnyk@^1.97.0