import sys
from subprocess import PIPE, run
# Marker text searched for in captured npm output; its presence is taken to
# mean that npm reported no remaining vulnerabilities.
no_vulnerabilities = "found 0 vulnerabilities"
class colorText:
    """ANSI escape sequences used to colour this script's terminal output."""

    # Reset sequence; emitted after a coloured span.
    END = "\033[0;0m"

    # Foreground colours.
    GREEN = "\033[0;32m"
    BLUE = "\033[1;34m"
    RED = "\033[1;31m"
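def audit_npm(continue_to_audit: bool):
    """Run ``npm audit fix`` for the dashboard and report what remains.

    Does nothing when *continue_to_audit* is falsy. Otherwise runs
    ``npm audit fix`` in ``./dashboard/origin-mlx/`` and, unless the captured
    output contains the ``no_vulnerabilities`` marker, prints the last output
    paragraph that mentions "vulnerabilities" together with the commands to
    use for manual follow-up.

    Args:
        continue_to_audit: Whether the audit step should run at all.
    """
    if not continue_to_audit:
        return

    # The command is a constant string, so shell=True does not expose it to
    # injected input. Only stdout is captured and the exit status is not
    # inspected; a failed npm run therefore shows up as "still present".
    audit_output = run(
        "npm audit fix", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True
    ).stdout.decode("utf-8")

    # Keep the last paragraph that mentions "vulnerabilities" as the summary.
    remaining_summary = ""
    for paragraph in audit_output.split("\n\n"):
        if "vulnerabilities" in paragraph:
            remaining_summary = paragraph

    # Substring test on the whole output, matching the check used after
    # `npm update`. Testing membership in the list of paragraphs only matches
    # a paragraph that equals the marker exactly, so a clean result could
    # still be reported as vulnerable.
    if no_vulnerabilities not in audit_output:
        print(
            f"\n\n{colorText.RED}Vulnerabilites still present:\n{remaining_summary}{colorText.END}"
        )
        print("\nMaual investigation necessary to prevent breaking changes\n\n")
        print(
            f"Run:\n\t{colorText.GREEN}npm audit{colorText.END}\nand scroll up to manually manage breaking changes\n\n"
        )
        # `--force` is only suggested to the operator, never run from here:
        # as the message says, it can pull in breaking changes.
        print(
            f"Run:\n\t{colorText.GREEN}npm audit fix --force{colorText.END}\nto force update all packages including breaking changes\n\n"
        )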
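def fix_vulnerabilities() -> (bool, str):
    """Regenerate the dashboard's npm dependencies and check npm's verdict.

    Deletes ``package-lock.json`` in ``./dashboard/origin-mlx/``, runs
    ``npm update`` there and looks for the ``no_vulnerabilities`` marker in
    the captured stdout.

    Returns:
        A ``(has_vulnerabilities, update_output)`` pair: whether the marker
        was absent from npm's output, and that output as text.
    """
    # NOTE(review): deleting the lockfile discards the pinned versions and
    # integrity hashes it recorded, and the `npm update` below re-resolves
    # the tree from the registry. Review the regenerated lockfile diff before
    # committing it. The exit status of `rm` is not checked.
    run(["rm", "package-lock.json"], cwd="./dashboard/origin-mlx/")

    # Constant command string, so shell=True carries no injected input. Only
    # stdout is captured; if npm fails and prints no marker, the result is
    # reported as "has vulnerabilities" rather than as clean.
    update_output = run(
        "npm update", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True
    ).stdout.decode("utf-8")

    return (no_vulnerabilities not in update_output, update_output)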
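def identify_remaining_vulnerabilities(identified_vulnerabilities: (bool, str)) -> bool:
    """Ask the operator whether to run the audit step.

    Args:
        identified_vulnerabilities: A ``(has_vulnerabilities, npm_output)``
            pair, as produced by ``fix_vulnerabilities``.

    Returns:
        True only when vulnerabilities were flagged and the operator answered
        "Y" or "y" at the prompt; False in every other case.
    """
    has_vulnerabilities, update_npm = identified_vulnerabilities

    # Nothing to ask about. Return an explicit False so the declared bool
    # return type holds on this path as well.
    if not has_vulnerabilities:
        return False

    # Show the last output line that mentions "vulnerabilities" in the prompt.
    summary_line = ""
    for line in update_npm.split("\n"):
        if "vulnerabilities" in line:
            summary_line = line

    user_input = input(
        f"{colorText.RED}\n\nVulnerabilities found:\n{summary_line}{colorText.END}\n\nWould you like to audit? [y,n]: "
    )
    # Any answer other than an exact "Y" or "y" declines the audit.
    return user_input in ["Y", "y"]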
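def verify_npm_packages():
    """Report whether the dashboard's npm packages are outdated.

    Runs ``npm outdated`` in ``./dashboard/origin-mlx/`` without capturing
    its output and prints a status message chosen from the exit status.
    """
    check_outdated = run("npm outdated", cwd="./dashboard/origin-mlx/", shell=True)
    status = check_outdated.returncode

    if status == 0:
        print("All packages up to date")
    elif status == 1:
        # Status 1 is read as "outdated packages found".
        # NOTE(review): npm may also exit 1 on its own errors - confirm.
        print(
            f"\n\nFound outdated npm packages\n\nRun {colorText.BLUE}make update_npm_packages{colorText.END} to update\n"
        )
    else:
        # Any other status (for example the shell failing to start npm) means
        # the check did not complete, so do not report the packages as
        # up to date.
        print(
            f"\n\n{colorText.RED}npm outdated exited with status {status}; package status unknown{colorText.END}\n"
        )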
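if __name__ == "__main__":
    # The last command-line argument selects the mode:
    #   non-zero integer -> only report outdated packages
    #   0                -> delete the lockfile, run `npm update`, then
    #                       optionally `npm audit fix`
    # Reject a missing or non-integer argument with a usage message instead
    # of a traceback from int().
    if len(sys.argv) < 2:
        sys.exit(
            f"usage: {sys.argv[0]} <mode>  (non-zero: check outdated packages, 0: update and audit)"
        )
    try:
        check_packages = int(sys.argv[-1])
    except ValueError:
        sys.exit(f"expected an integer mode argument, got {sys.argv[-1]!r}")

    if check_packages:
        verify_npm_packages()
    else:
        remaining_vulnerabilities = fix_vulnerabilities()
        continue_to_audit = identify_remaining_vulnerabilities(
            remaining_vulnerabilities
        )
        audit_npm(continue_to_audit)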