From d985d0ef45d41385d6be57523f596994f6777044 Mon Sep 17 00:00:00 2001
From: Naugtur
Date: Fri, 24 Jan 2020 00:08:39 +0100
Subject: [PATCH] polish argument passing, add e2e test
---
 README.md | 5 ++-
 package-lock.json | 71 +++++++++++++++++++++++++++++++++++++++++
 package.json | 4 ++-
 src/pkgmanagers/npm.js | 5 +--
 src/pkgmanagers/yarn.js | 5 ++-
 src/skipArgs.js | 1 +
 test/e2e/test.sh | 18 +++++++++++
 7 files changed, 104 insertions(+), 5 deletions(-)
 create mode 100644 src/skipArgs.js
diff --git a/README.md b/README.md
index a2eb89b..e75daf0 100644
--- a/README.md
+++ b/README.md
@@ -31,11 +31,12 @@ The decisions you make are stored in `audit-resolve.json` to keep track of it in
 ### Arguments
 ```
---ignoreLow automatically resolve issue to ignored if severity of all vulnerabilities in that dependency is low
 --yarn switched to yarn package manager as the command to support
 --migrate forces migration to a new file and format even if no modifications are made to decisions
 ```
+All other arguments are passed down to the npm/yarn audit call
+
 ### Running in CI
 One of the problems this solves is running audit as part of your build pipeline.
@@ -53,6 +54,8 @@ For JSON output (similar to `npm audit --json`), run
 check-audit --json
 ```
+All other arguments are passed down to the npm/yarn audit call
+
 ## Features
 Want to give it a go? Download this repo and run `npm run testdrive`
diff --git a/package-lock.json b/package-lock.json
index c6ef5d5..5cf7562 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -280,6 +280,16 @@ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" }, + "lru-cache": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", + "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", + "dev": true, + "requires": { + "pseudomap": "^1.0.2", + "yallist": "^2.1.2" + } + }, "map-age-cleaner": { "version": "0.1.3", "resolved": "https://registry.npmjs.org/map-age-cleaner/-/map-age-cleaner-0.1.3.tgz", @@ -357,6 +367,12 @@ "mem": "^4.0.0" } }, + "os-shim": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/os-shim/-/os-shim-0.1.3.tgz", + "integrity": "sha1-a2LDeRz3kJ6jXtRuF2WLtBfLORc=", + "dev": true + }, "p-defer": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/p-defer/-/p-defer-1.0.0.tgz", 
@@ -403,11 +419,50 @@ "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=" }, + "pre-commit": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/pre-commit/-/pre-commit-1.2.2.tgz", + "integrity": "sha1-287g7p3nI15X95xW186UZBpp7sY=", + "dev": true, + "requires": { + "cross-spawn": "^5.0.1", + "spawn-sync": "^1.0.15", + "which": "1.2.x" + }, + "dependencies": { + "cross-spawn": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", + "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=", + "dev": true, + "requires": { + "lru-cache": "^4.0.1", + "shebang-command": "^1.2.0", + "which": "^1.2.9" + } + }, + "which": { + "version": "1.2.14", + "resolved": "https://registry.npmjs.org/which/-/which-1.2.14.tgz", + "integrity": "sha1-mofEN48D6CfOyvGs31bHNsAcFOU=", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + } + } + }, "process-nextick-args": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" }, + "pseudomap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", + "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=", + "dev": true + }, "pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", @@ -492,6 +547,16 @@ "npm-run-path": "^2.0.2" } }, + "spawn-sync": { + "version": "1.0.15", + "resolved": "https://registry.npmjs.org/spawn-sync/-/spawn-sync-1.0.15.tgz", + "integrity": "sha1-sAeZVX63+wyDdsKdROih6mfldHY=", + "dev": true, + "requires": { + "concat-stream": "^1.4.7", + "os-shim": "^0.1.2" + } + }, "string-width": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", 
@@ -605,6 +670,12 @@ "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==" }, + "yallist": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", + "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", + "dev": true + }, "yargs": { "version": "12.0.5", "resolved": "https://registry.npmjs.org/yargs/-/yargs-12.0.5.tgz",
diff --git a/package.json b/package.json
index 4454f11..ff1e4b0 100644
--- a/package.json
+++ b/package.json
@@ -43,5 +43,7 @@
 "yargs-parser": "^13.1.1",
 "yargs-unparser": "^1.5.0"
 },
- "devDependencies": {}
+ "devDependencies": {
+ "pre-commit": "^1.2.2"
+ }
 }
diff --git a/src/pkgmanagers/npm.js b/src/pkgmanagers/npm.js
index b480f32..d8f2bba 100644
--- a/src/pkgmanagers/npm.js
+++ b/src/pkgmanagers/npm.js
@@ -1,4 +1,5 @@
-const unparse = require('../unparse');
+const unparse = require('../unparse')
+const skipArgs = require('../skipArgs')
 function getCommand(action) {
 // Derived from npm-audit-report
@@ -14,7 +15,7 @@ function getCommand(action) {
 module.exports = {
 version: 1,
 getAudit({ promiseCommand, argv, shellOptions }) {
- const unparsed = unparse(argv, ['json']);
+ const unparsed = unparse(argv, skipArgs)
 return promiseCommand(`npm audit --json ${unparsed}`, shellOptions)
 .then(output => {
diff --git a/src/pkgmanagers/yarn.js b/src/pkgmanagers/yarn.js
index 8fcf576..adacf6d 100644
--- a/src/pkgmanagers/yarn.js
+++ b/src/pkgmanagers/yarn.js
@@ -1,5 +1,8 @@
 const packageJSON = require(require('path').resolve('./package.json'))
 const jsonlines = require('jsonlines')
+const unparse = require('../unparse')
+const skipArgs = require('../skipArgs')
+
 function aggregateActions(audit, entry) {
 const modulename = entry.data.advisory.module_name
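Review bot: The `pre-commit` devDependency added in package.json is not mentioned in the commit message, and no hook configuration for it is visible in this hunk. The lockfile hunks show it pulling `cross-spawn` 5.1.0, `spawn-sync` 1.0.15, `lru-cache` 4.1.5, `which` 1.2.14, `os-shim`, `pseudomap` and `yallist` into the dev tree of a tool whose job is auditing dependencies. The package presumably installs a git hook at install time, so the commit should state which script the hook is meant to run, for example with an explicit `"pre-commit": ["test"]` entry in package.json if that is the intent.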
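Review bot: In `getAudit`, the result of `unparse(argv, skipArgs)` is interpolated into the command string `npm audit --json ${unparsed}`, and after this change every option not on the five-entry skip list reaches that string; the same line is added in src/pkgmanagers/yarn.js. The `shellOptions` parameter suggests `promiseCommand` runs the string through a shell, and neither it nor `unparse` is visible here, so unless values are quoted there, shell metacharacters in an argument value would be interpreted instead of being handed to npm. That matters when check-audit arguments are assembled from pipeline variables in CI. Consider spawning the package manager with an argument array and no shell, or rejecting unexpected values before forwarding, for example `if (!/^[\w@./:=-]+$/.test(String(value))) throw new Error('unsupported argument value')`. `getAudit` continues past the end of the hunk.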
@@ -33,7 +36,7 @@ module.exports = {
 version: 1,
 getAudit({ promiseCommand, argv, shellOptions }) {
 console.error('WARNING: yarn support is experimental')
- const unparsed = unparse(argv, ['json']);
+ const unparsed = unparse(argv, skipArgs)
 return promiseCommand(`yarn audit --json ${unparsed}`, shellOptions)
 .then(output => {
diff --git a/src/skipArgs.js b/src/skipArgs.js
new file mode 100644
index 0000000..7aa5d0c
--- /dev/null
+++ b/src/skipArgs.js
@@ -0,0 +1 @@
+module.exports = ['json', 'migrate', 'yarn', 'mock', 'fix']
\ No newline at end of file
diff --git a/test/e2e/test.sh b/test/e2e/test.sh
index a9543aa..eefca08 100644
--- a/test/e2e/test.sh
+++ b/test/e2e/test.sh
@@ -87,4 +87,22 @@ if [ $EXITCODE -ne 0 ]; then
 exit 1
 fi
+
+echo 'runs check on npm with extra args'
+RESULT1=`node check.js --production --XbookmarkX --migrate | grep XbookmarkX | wc -l`
+RESULT2=`node check.js --production --XbookmarkX --migrate | grep XbookmarkX | grep migrate | wc -l`
+
+if [ $RESULT1 -ne 1 ] || [ $RESULT2 -ne 0 ]; then
+ echo "FAILED, expected passing arguments down to work, expected filtering out arguments to work"
+ exit 1
+fi
+
+echo 'runs check on yarn with extra args'
+RESULT1=`node check.js --yarn --production --XbookmarkX --migrate | grep XbookmarkX | wc -l`
+RESULT2=`node check.js --yarn --production --XbookmarkX --migrate | grep XbookmarkX | grep migrate | wc -l`
+
+if [ $RESULT1 -ne 1 ] || [ $RESULT2 -ne 0 ]; then
+ echo "FAILED, expected passing arguments down to work, expected filtering out arguments to work"
+ exit 1
+fi
 echo '- Runs ----------------------- OK'
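Review bot: The new src/skipArgs.js is an undocumented deny list, so any option the tool gains later appears to be forwarded to `npm audit` or `yarn audit` unless someone remembers to add it here. A header comment such as `// check-audit's own flags; every option not listed here is forwarded to the package manager's audit command` would make that contract visible to the next contributor. The file also ends without a trailing newline.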
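Review bot: The two new e2e cases verify filtering for `--migrate` only, although skipArgs.js also lists `yarn`, `json`, `mock` and `fix`, and the yarn case already passes `--yarn`. Changing the second probe in the yarn case to `grep -E 'migrate|yarn'` would cover a flag the test is already sending. The assertions also seem to rely on the forwarded command line being echoed in the output of check.js, and because each `node check.js` call feeds a pipeline its own exit status is never examined, so a crash that prints nothing is reported only as the generic FAILED message.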