
Support new npm audit JSON format #542

Closed
ediblecode opened this issue Jul 26, 2022 · 2 comments

Comments

@ediblecode

It looks like npm 7+ has changed the format of the JSON returned from npm audit --json. There's a great post here that explains a lot of the details.

So this line where we get auditResult.advisories would need to traverse over auditResult.vulnerabilities etc instead, based on the presence of the new auditReportVersion field:

Object.keys(auditResult.advisories).forEach((advisoryId) => {

To replicate, I'm using volta locally. If I run:

volta install node@14
npm -v
npm audit --json

I see npm 6 and the old JSON format that looks like:

{
  "actions": [],
  "advisories": {
    "SOME ID": {
      ...
    }
  },
  "muted": [],
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 6,
      "high": 7,
      "critical": 0
    },
    "dependencies": 0,
    "devDependencies": 2387,
    "optionalDependencies": 25,
    "totalDependencies": 2387
  },
  "runId": "SOME GUID"
}

Then if I run

volta install node@16
npm -v
npm audit --json

I see npm 8 and the new JSON format that looks like:

{
  "auditReportVersion": 2,
  "vulnerabilities": {
    ...
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 13,
      "high": 18,
      "critical": 0,
      "total": 31
    },
    "dependencies": {
      "prod": 1,
      "dev": 2381,
      "optional": 25,
      "peer": 0,
      "peerOptional": 0,
      "total": 2381
    }
  }
}
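One way to handle both layouts described above, as an added example that is not the project's own code: branch on `auditReportVersion`, read npm 6's `advisories` map or npm 7+'s `vulnerabilities` map, and normalize each into a flat list of findings that the rest of a reporter can consume. The field names not shown in the issue (`module_name`, `via`, `source`, `isDirect`, `effects`, `fixAvailable`) are assumed from npm's audit output; the two sample documents are constructed, not real advisories.

```javascript
// Added example, not part of npm-audit-reporter-teamcity: read both npm audit
// JSON layouts described in the issue and normalize them into one finding list.
// Field names beyond those shown in the issue (module_name, via, source, ...)
// are assumptions about npm's audit output, not taken from the issue itself.

const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Normalize an `npm audit --json` result into [{ id, module, severity, title }].
function normalizeAudit(auditResult) {
  const version = auditResult.auditReportVersion;
  if (version === undefined) {
    // npm 6: `advisories` is an object keyed by advisory id.
    return Object.values(auditResult.advisories || {}).map((adv) => ({
      id: String(adv.id),
      module: adv.module_name,
      severity: adv.severity,
      title: adv.title,
    }));
  }
  if (version !== 2) {
    throw new Error(`unsupported auditReportVersion: ${version}`);
  }
  // npm 7+: `vulnerabilities` is keyed by package name. Each entry's `via` holds
  // advisory objects for that package's own advisories, or plain strings naming
  // the vulnerable dependency when the package is only affected transitively.
  // Only the objects are advisories, so reading just those avoids reporting one
  // advisory once per package in its dependency chain.
  const findings = [];
  for (const vuln of Object.values(auditResult.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (via && typeof via === "object") {
        findings.push({
          id: String(via.source),
          module: via.name,
          severity: via.severity,
          title: via.title,
        });
      }
    }
  }
  return findings;
}

// Count normalized findings per severity level, computed from the findings
// themselves rather than copied from metadata.vulnerabilities.
function countBySeverity(findings) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const f of findings) {
    if (f.severity in counts) counts[f.severity] += 1;
  }
  return counts;
}

// True when any finding is at or above `minSeverity`; a reporter would use
// this to decide whether the build should fail.
function shouldFail(auditResult, minSeverity) {
  const threshold = SEVERITIES.indexOf(minSeverity);
  if (threshold < 0) throw new Error(`unknown severity: ${minSeverity}`);
  return normalizeAudit(auditResult).some(
    (f) => SEVERITIES.indexOf(f.severity) >= threshold
  );
}

// Constructed sample inputs (not real advisories), trimmed to the fields used above.
const SAMPLE_V1 = {
  actions: [],
  advisories: {
    "1001": { id: 1001, module_name: "example-lib", severity: "moderate", title: "Constructed advisory A" },
  },
  muted: [],
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 0, critical: 0 } },
};

const SAMPLE_V2 = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-lib": {
      name: "example-lib",
      severity: "high",
      isDirect: false,
      via: [{ source: 1002, name: "example-lib", dependency: "example-lib", title: "Constructed advisory B", severity: "high", range: "<2.0.0" }],
      effects: ["example-app-dep"],
      range: "<2.0.0",
      fixAvailable: true,
    },
    // Affected only because it depends on example-lib: `via` is a string, not an advisory.
    "example-app-dep": {
      name: "example-app-dep",
      severity: "high",
      isDirect: true,
      via: ["example-lib"],
      effects: [],
      range: ">=1.0.0",
      fixAvailable: true,
    },
  },
  // npm's own metadata counts per package, so it reports 2 here while the
  // normalized list holds the single underlying advisory.
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 2, critical: 0, total: 2 } },
};

for (const sample of [SAMPLE_V1, SAMPLE_V2]) {
  const findings = normalizeAudit(sample);
  console.log(countBySeverity(findings), "fail at high:", shouldFail(sample, "high"));
}
```

Note the difference between `metadata.vulnerabilities.high` (2, one per affected package) and the normalized count (1 advisory) in the npm 7+ sample: a reporter that keeps reading `metadata` after switching formats will report inflated numbers, so it is worth deciding explicitly which of the two a build gate should use.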
@cy6erskunk
Owner

Hey @ediblecode! Thanks for the report and for the link to the article, it helps a lot. It seems the logic was changed quite a bit, but I can try to come up with something. Of course, feel free to create a PR, I'd be happy to review it.

kavithanice pushed a commit to nice-digital/cks-gatsby that referenced this issue Aug 10, 2022
* CKS-642 Update packages

* CKS-642 Rebrand

* CKS-642 Refactor to use NDS alphabet/A-Z

* CKS-642 Bump Node to 14

* CKS-642 Refactor A to Z using NDS component

* CKS-642 Remove TeamCity audit reporter

See cy6erskunk/npm-audit-reporter-teamcity#542

* CKS-642 Use link component for A-Z

* CKS-642 Make 'on this page' Inter

* CKS-642 Make accordion Inter

* CKS-642 Bump NDS version

* CKS-642 Remove audit TC reporter

* CKS-642 Update snapshot

* CKS-642 Increase test timeout

* CKS-642 Fix test

* CKS-642 Bump func test packages

* CKS-642 Bump packages

* CKS-642 Change audit command

* CKS-642 Bump NDS version

* CKS-642 Bump NDS and GN versions

* CKS-642 Fix test

* CKS-642 Bump NDS version

* CKS-642 NDS version bump

* CKS-642 Bump major NDS version

Co-authored-by: Chris Barker <chris.barker@nice.org.uk>
@cy6erskunk
Owner

Done with #584, released in 0.4.0
