snyk - npm Package Compare versions

Comparing version 1.3.0 to 1.3.1

cli/commands/protect/wizard.js

 module.exports = wizard;
+// used for testing
+module.exports.processAnswers = processAnswers;
 
@@ -49,3 +51,2 @@ var Promise = require('es6-promise').Promise; // jshint ignore:line
 
-      var cwd = process.cwd();
       var intro = __dirname + '/../../../help/wizard-intro.txt';
@@ -55,2 +56,3 @@ return fs.readFile(intro, 'utf8').then(function (str) {
       }).then(function () {
+        var cwd = process.cwd();
         return snyk.test(cwd).then(function (res) {
@@ -75,4 +77,4 @@ if (res.ok) {
 function interactive(vulns, policy, options) {
+  var prompts = getPrompts(vulns);
   var cwd = process.cwd();
-  var prompts = getPrompts(vulns);
   var packageFile = path.resolve(cwd, 'package.json');
@@ -84,178 +86,196 @@
       inquirer.prompt(prompts.concat(nextSteps(pkg)), function (answers) {
-        var tasks = {
-          ignore: [],
-          update: [],
-          patch: [],
-          skip: [],
-        };
+        resolve(processAnswers(answers, policy, options));
+      });
+    });
+  });
+}
 
-        Object.keys(answers).forEach(function (key) {
-          // if we're looking at a reason, skip it
-          if (key.indexOf('-reason') !== -1) {
-            return;
-          }
+function processAnswers(answers, policy, options) {
+  var cwd = process.cwd();
+  var packageFile = path.resolve(cwd, 'package.json');
 
-          // ignore misc questions, like "add snyk test to package?"
-          if (key.indexOf('misc-') === 0) {
-            return;
-          }
+  if (!options) {
+    options = {};
+  }
 
-          var answer = answers[key];
-          var task = answer.choice;
+  var tasks = {
+    ignore: [],
+    update: [],
+    patch: [],
+    skip: [],
+  };
 
-          if (task === 'ignore') {
-            answer.meta.reason = answers[key + '-reason'];
-            tasks[task].push(answer);
-          } else {
-            tasks[task].push(answer.vuln);
-          }
-        });
+  var pkg = {};
 
-        debug(tasks);
+  Object.keys(answers).forEach(function (key) {
+    // if we're looking at a reason, skip it
+    if (key.indexOf('-reason') !== -1) {
+      return;
+    }
 
-        var live = !options['dry-run'];
-        var promise = protect.generatePolicy(policy, tasks, live);
-        var snykVersion = '*';
+    // ignore misc questions, like "add snyk test to package?"
+    if (key.indexOf('misc-') === 0) {
+      return;
+    }
 
-        var res = promise.then(function (policy) {
-          if (!live) {
-            // if this was a dry run, we'll throw an error to bail out of the
-            // promise chain, then in the catch, check the error.code and if
-            // it matches `DRYRUN` we'll return the text and not an error
-            // (which avoids the exit code 1).
-            var e = new Error('This was a dry run: nothing changed');
-            e.code = 'DRYRUN';
-            throw e;
-          }
+    var answer = answers[key];
+    var task = answer.choice;
 
-          return snyk.dotfile.save(policy);
-        })
-        .then(function () {
-          // re-read the package.json - because the generatePolicy can apply
-          // an `npm install` which will change the deps
-          return fs.readFile(packageFile, 'utf8')
-            .then(JSON.parse)
-            .then(function (updatedPkg) {
-              pkg = updatedPkg;
-            });
-        })
-        .then(getVersion)
-        .then(function (v) {
-          debug('snyk version: %s', v);
-          // little hack to circumvent local testing where the version will
-          // be the git branch + commit
-          if (v.match(/^\d+\./) === null) {
-            v = '*';
-          } else {
-            v = '^' + v;
-          }
-          snykVersion = v;
-        })
-        .then(function () {
-          if (!answers['misc-add-test']) {
-            return;
-          }
+    if (task === 'ignore') {
+      answer.meta.reason = answers[key + '-reason'];
+      tasks[task].push(answer);
+    } else {
+      tasks[task].push(answer.vuln);
+    }
+  });
 
-          debug('adding `snyk test` to package');
+  debug(tasks);
 
-          if (!pkg.scripts) {
-            pkg.scripts = {};
-          }
+  var live = !options['dry-run'];
+  var promise = protect.generatePolicy(policy, tasks, live);
+  var snykVersion = '*';
 
-          var test = pkg.scripts.test;
-          var cmd = 'snyk test';
-          if (test) {
-            // only add the test if it's not already in the test
-            if (test.indexOf(cmd) === -1) {
-              pkg.scripts.test = cmd + ' && ' + test;
-            }
-          } else {
-            pkg.scripts.test = cmd;
-          }
-        })
-        .then(function () {
-          if (!answers['misc-add-protect']) {
-            return;
-          }
+  var res = promise.then(function (policy) {
+    if (!live) {
+      // if this was a dry run, we'll throw an error to bail out of the
+      // promise chain, then in the catch, check the error.code and if
+      // it matches `DRYRUN` we'll return the text and not an error
+      // (which avoids the exit code 1).
+      var e = new Error('This was a dry run: nothing changed');
+      e.code = 'DRYRUN';
+      throw e;
+    }
 
-          debug('adding `snyk protect` to package');
+    return snyk.dotfile.save(policy);
+  })
+  .then(function () {
+    // re-read the package.json - because the generatePolicy can apply
+    // an `npm install` which will change the deps
+    return fs.readFile(packageFile, 'utf8')
+      .then(JSON.parse)
+      .then(function (updatedPkg) {
+        pkg = updatedPkg;
+      });
+  })
+  .then(getVersion)
+  .then(function (v) {
+    debug('snyk version: %s', v);
+    // little hack to circumvent local testing where the version will
+    // be the git branch + commit
+    if (v.match(/^\d+\./) === null) {
+      v = '*';
+    } else {
+      v = '^' + v;
+    }
+    snykVersion = v;
+  })
+  .then(function () {
+    if (!answers['misc-add-test']) {
+      return;
+    }
 
-          if (!pkg.scripts) {
-            pkg.scripts = {};
-          }
+    debug('adding `snyk test` to package');
 
-          pkg.scripts['snyk-protect'] = 'snyk protect';
+    if (!pkg.scripts) {
+      pkg.scripts = {};
+    }
 
-          var cmd = 'npm run snyk-protect';
-          var postInstall = pkg.scripts.postinstall;
-          if (postInstall) {
-            // only add the postinstall if it's not already in the postinstall
-            if (postInstall.indexOf(cmd) === -1) {
-              pkg.scripts.postinstall = cmd + '; ' + postInstall;
-            }
-          } else {
-            pkg.scripts.postinstall = cmd;
-          }
+    var test = pkg.scripts.test;
+    var cmd = 'snyk test';
+    if (test) {
+      // only add the test if it's not already in the test
+      if (test.indexOf(cmd) === -1) {
+        pkg.scripts.test = cmd + ' && ' + test;
+      }
+    } else {
+      pkg.scripts.test = cmd;
+    }
+  })
+  .then(function () {
+    if (!answers['misc-add-protect']) {
+      return;
+    }
 
-          pkg.snyk = true;
-        })
-        .then(function () {
-          if (answers['misc-add-test'] || answers['misc-add-protect']) {
-            debug('updating %s', packageFile);
+    debug('adding `snyk protect` to package');
 
-            // finally, add snyk as a dependency because they'll need it
-            // during the protect process
-            var depLocation = 'dependencies';
+    if (!pkg.scripts) {
+      pkg.scripts = {};
+    }
 
-            if (!pkg[depLocation]) {
-              pkg[depLocation] = {};
-            }
+    pkg.scripts['snyk-protect'] = 'snyk protect';
 
-            if (!pkg[depLocation].snyk) {
-              pkg[depLocation].snyk = snykVersion;
-            }
+    var cmd = 'npm run snyk-protect';
+    var postInstall = pkg.scripts.postinstall;
+    if (postInstall) {
+      // only add the postinstall if it's not already in the postinstall
+      if (postInstall.indexOf(cmd) === -1) {
+        pkg.scripts.postinstall = cmd + '; ' + postInstall;
+      }
+    } else {
+      pkg.scripts.postinstall = cmd;
+    }
 
-            return fs.writeFile(packageFile, JSON.stringify(pkg, '', 2));
-          }
-        })
-        .then(function () {
-          debug('running monitor');
-          var lbl = 'Remembering current dependencies for future ' +
-            'notifications...';
-          return snyk.modules(cwd)
-            .then(spinner(lbl))
-            .then(snyk.monitor.bind(null, {
-              method: 'wizard',
-            }))
-            .then(spinner.clear(lbl));
-        })
-        .then(function (monitorRes) {
-          var endpoint = url.parse(config.API);
-          endpoint.pathname = '/monitor/' + monitorRes.id;
+    pkg.snyk = true;
+  })
+  .then(function () {
+    if (answers['misc-add-test'] || answers['misc-add-protect']) {
+      debug('updating %s', packageFile);
 
-          return (options.newDotFile ?
-            // if it's a newly created file
-            '\nYour policy file has been created with the actions you\'ve ' +
-              'selected, add it to your source control (`git add .snyk`).' :
-            // otherwise we updated it
-            '\nYour .snyk policy file has been successfully updated.') +
-            '\n\nYou can see a snapshot of your dependencies here:\n' +
-            url.format(endpoint) +
-            '\n\nWe\'ll notify you when relevant new vulnerabilities are ' +
-            'disclosed.';
-        })
-        .catch(function (error) {
-          // if it's a dry run - exit with 0 status
-          if (error.code === 'DRYRUN') {
-            return error.message;
-          }
+      // finally, add snyk as a dependency because they'll need it
+      // during the protect process
+      var depLocation = 'dependencies';
 
-          throw error;
-        });
+      if (!pkg[depLocation]) {
+        pkg[depLocation] = {};
+      }
 
-        resolve(res);
-      });
-    });
+      if (!pkg[depLocation].snyk) {
+        pkg[depLocation].snyk = snykVersion;
+      }
+
+      return fs.writeFile(packageFile, JSON.stringify(pkg, '', 2));
+    }
+  })
+  .then(function () {
+    if (answers['misc-test-no-monitor']) { // allows us to automate tests
+      return {
+        id: 'test'
+      };
+    }
+
+    debug('running monitor');
+    var lbl = 'Remembering current dependencies for future ' +
+      'notifications...';
+    return snyk.modules(cwd)
+      .then(spinner(lbl))
+      .then(snyk.monitor.bind(null, {
+        method: 'wizard',
+      }))
+      .then(spinner.clear(lbl));
+  })
+  .then(function (monitorRes) {
+    var endpoint = url.parse(config.API);
+    endpoint.pathname = '/monitor/' + monitorRes.id;
+
+    return (options.newDotFile ?
+      // if it's a newly created file
+      '\nYour policy file has been created with the actions you\'ve ' +
+        'selected, add it to your source control (`git add .snyk`).' :
+      // otherwise we updated it
+      '\nYour .snyk policy file has been successfully updated.') +
+      '\n\nYou can see a snapshot of your dependencies here:\n' +
+      url.format(endpoint) +
+      '\n\nWe\'ll notify you when relevant new vulnerabilities are ' +
+      'disclosed.';
+  })
+  .catch(function (error) {
+    // if it's a dry run - exit with 0 status
+    if (error.code === 'DRYRUN') {
+      return error.message;
+    }
+
+    throw error;
   });
-}
 
+  return res;
+}

lib/dotfile.js

@@ -1,2 +0,1 @@
-
 var yaml = require('js-yaml');
@@ -6,3 +5,2 @@ var fs = require('then-fs');
 var Promise = require('es6-promise').Promise; // jshint ignore:line
-var defaultFilename = path.resolve(process.cwd(), '.snyk');
 var spinner = require('./spinner');
@@ -18,2 +16,7 @@
 
+// this is a function to allow our tests and fixtures to change cwd
+function defaultFilename() {
+  return path.resolve(process.cwd(), '.snyk');
+}
+
 // eventually we'll have v2 which will point to latestParser, and v1 will
@@ -26,2 +29,6 @@ // need to process the old form of data and upgrade it to v2 structure
 function parse(data) {
+  if (!data) {
+    data = {};
+  }
+
   if (!data.version) {
@@ -52,3 +59,3 @@ data.version = defaultVersion;
 
-  var filename = root ? path.resolve(root, '.snyk') : defaultFilename;
+  var filename = root ? path.resolve(root, '.snyk') : defaultFilename();
 
@@ -63,3 +70,3 @@ return fs.readFile(filename, 'utf8').then(function (yamlContent) {
     path.resolve(root, '.snyk') :
-    defaultFilename;
+    defaultFilename();
 
@@ -66,0 +73,0 @@ var lbl = 'Creating .snyk policy file...';

lib/index.js

@@ -38,3 +38,2 @@ module.exports = snyk;
 snyk.modules = require('./modules');
-snyk.watch = require('./watch');
 snyk.test = require('./test');
@@ -41,0 +40,0 @@ snyk.monitor = require('./monitor');

lib/protect.js

@@ -439,3 +439,5 @@ var protect = module.exports = {
             debug('writing flag to %s', flag);
-            return fs.writeFile(flag, now.toJSON(), 'utf8');
+            return fs.writeFile(flag, now.toJSON(), 'utf8').then(function () {
+              return true;
+            });
           }, function () {
@@ -442,0 +444,0 @@ // this is a general "patch failed", since we already check if the

lib/spinner.js

@@ -8,2 +8,3 @@ module.exports = createSpinner;
 var sticky = false;
+var handleExit = false;
 
@@ -90,3 +91,4 @@ function createSpinner(label) {
   var cleanup = typeof opt.cleanup === 'boolean' ? opt.cleanup : true;
-  if (cleanup) {
+  if (cleanup && !handleExit) {
+    handleExit = true;
     process.on('exit', function () {
@@ -93,0 +95,0 @@ if (wrote) {

package.json

@@ -13,3 +13,3 @@ {
     "lint": "jscs cli/*.js cli/**/*.js lib/*.js -v",
-    "test": "npm run lint && tape test/*.test.js --cov | tap-spec && node cli/index.js test",
+    "test": "npm run lint && tap test/*.test.js --cov --timeout=60 && node cli/index.js test > /dev/null",
     "watch": "nodemon -q -x 'for FILE in test/*.test.js; do echo $FILE; tape $FILE | tap-spec; if [ $? -ne 0 ]; then exit 1; fi; done'",
@@ -50,3 +50,3 @@ "semantic-release": "semantic-release pre && npm publish && semantic-release post",
   "devDependencies": {
-    "@snyk/registry": "^2.7.1",
+    "@snyk/registry": "^2.13.2",
     "babel": "^5.8.29",
@@ -57,3 +57,3 @@ "istanbul": "^0.4.0",
     "semantic-release": "^4.3.5",
-    "tap-spec": "^2.2.2",
+    "tap": "^2.3.0",
     "tape": "^4.0.0"
@@ -65,3 +65,3 @@ },
   },
-  "version": "1.3.0"
+  "version": "1.3.1"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1346844

increased by1234.54%

Number of package files

63

increased by34.04%

Worsened metrics

Lines of code

2430

decreased by-0.65%

No dependency changes