Two seperate commands for identifying and updating outdated packages

Signed-off-by: Phu Thai <phuthai450@gmail.com>

Makefile

@@ -20,6 +20,16 @@ help: ## Display the Make targets
 	@grep -E '^[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
 		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-25s\033[0m %s\n", $$1, $$2}'
 
+.PHONY: check_npm_packages
+check_npm_packages: ## Verify NPM packages
+	@python3 tools/python/verify_npm_packages.py 1
+	@echo "$@: OK"
+
+.PHONY: update_npm_packages
+update_npm_packages: ## Update NPM packages
+	@python3 tools/python/verify_npm_packages.py 0
+	@echo "$@: OK"
+
 .PHONY: check_doc_links
 check_doc_links: ## Check Markdown files for valid links
 	@pip3 show requests > /dev/null || pip3 install requests

tools/python/verify_npm_packages.py

@@ -0,0 +1,92 @@
+import sys
+from subprocess import PIPE, run
+
+no_vulnerabilities = "found 0 vulnerabilities"
+
+
+class colorText:
+    RED = "\033[1;31m"
+    BLUE = "\033[1;34m"
+    GREEN = "\033[0;32m"
+    END = "\033[0;0m"
+
+
+def audit_npm(continue_to_audit: bool):
+    if not continue_to_audit:
+        return
+
+    format_vulnerablility_output = ""
+    audit_npm = (
+        run("npm audit fix", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True)
+        .stdout.decode("utf-8")
+        .split("\n\n")
+    )
+    for message in audit_npm:
+        format_vulnerablility_output = (
+            message if "vulnerabilities" in message else format_vulnerablility_output
+        )
+    if no_vulnerabilities not in audit_npm:
+        print(
+            f"\n\n{colorText.RED}Vulnerabilites still present:\n{format_vulnerablility_output}{colorText.END}"
+        )
+        print("\nMaual investigation necessary to prevent breaking changes\n\n")
+        print(
+            f"Run:\n\t{colorText.GREEN}npm audit{colorText.END}\nand scroll up to manually manage breaking changes\n\n"
+        )
+        print(
+            f"Run:\n\t{colorText.GREEN}npm audit fix --force{colorText.END}\nto force update all packages including breaking changes\n\n"
+        )
+
+
+def fix_vulnerabilities() -> (bool, str):
+    continue_audit = False
+    format_vulnerablility_output = ""
+
+    run(["rm", "package-lock.json"], cwd="./dashboard/origin-mlx/")
+    update_npm = run(
+        "npm update", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True
+    ).stdout.decode("utf-8")
+
+    has_vulnerabilities = no_vulnerabilities not in update_npm
+    return (has_vulnerabilities, update_npm)
+
+
+def identify_remaining_vulnerabilities(identified_vulnerabilities: (bool, str)) -> bool:
+    has_vulnerabilities, update_npm = identified_vulnerabilities
+    format_vulnerablility_output = ""
+    update_npm = update_npm.split("\n")
+
+    if has_vulnerabilities:
+        for message in update_npm:
+            format_vulnerablility_output = (
+                message
+                if "vulnerabilities" in message
+                else format_vulnerablility_output
+            )
+        user_input = input(
+            f"{colorText.RED}\n\nVulnerabilities found:\n{format_vulnerablility_output}{colorText.END}\n\nWould you like to audit? [y,n]: "
+        )
+        return True if user_input in ["Y", "y"] else False
+
+
+def verify_npm_packages():
+    check_outdated = run("npm outdated", cwd="./dashboard/origin-mlx/", shell=True)
+    packages_outdated = f"\n\nFound outdated npm packages\n\nRun {colorText.BLUE}make update_npm_packages{colorText.END} to update\n"
+    packages_up_to_date = "All packages up to date"
+
+    print(packages_outdated) if check_outdated.returncode == 1 else print(
+        packages_up_to_date
+    )
+
+
+if __name__ == "__main__":
+    check_packages = int(sys.argv[-1])
+
+    if check_packages:
+        verify_npm_packages()
+    else:
+        remaining_vulnerabilities = fix_vulnerabilities()
+        continue_to_audit = identify_remaining_vulnerabilities(
+            remaining_vulnerabilities
+        )
+        audit_npm(continue_to_audit)