Shorten node path for NPM v7

jeemok · Aug 15, 2021 · 5f36c41 · 5f36c41
1 parent 530b2b8
commit 5f36c41
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 14 deletions.
diff --git a/src/utils/common.ts b/src/utils/common.ts
@@ -41,3 +41,12 @@ export function trimArray(array: string[], maxLength: number): string[] {
   array.length = maxLength;
   return array.concat(`...and ${removedLength} more`);
 }
+
+/**
+ * Shorten node path (node_modules/nodemon/node_modules/chokidar/node_modules/fsevents) to (nodemon>chokidar>fsevents)
+ * @param {String} path Full node path
+ * @return {String}     Shorten Path
+ */
+export function shortenNodePath(path: string): string {
+  return path.replace('node_modules/', '').replace(/\/node_modules\//g, '>');
+}
diff --git a/src/utils/vulnerability.ts b/src/utils/vulnerability.ts
@@ -1,6 +1,6 @@
 import get from 'lodash.get';
 
-import { isJsonString, trimArray } from './common';
+import { isJsonString, trimArray, shortenNodePath } from './common';
 import { color, getSeverityBgColor } from './color';
 import { printExceptionReport } from './print';
 import { analyzeExpiry } from './date';
@@ -127,7 +127,7 @@ export function processAuditJson(jsonBuffer = '', auditLevel: AuditLevel = 'info
             color(String(id), isExcepted ? '' : 'yellow'),
             color(vul.name, isExcepted ? '' : 'yellow'),
             color(vul.title, isExcepted ? '' : 'yellow'),
-            color(trimArray(get(cur, 'nodes', []), MAX_PATHS_SIZE).join('\n'), isExcepted ? '' : 'yellow'),
+            color(trimArray(get(cur, 'nodes', []).map(shortenNodePath), MAX_PATHS_SIZE).join('\n'), isExcepted ? '' : 'yellow'),
             color(vul.severity, isExcepted ? '' : 'yellow', getSeverityBgColor(vul.severity)),
             color(vul.url, isExcepted ? '' : 'yellow'),
             isExcepted ? 'y' : color('n', 'yellow'),

diff --git a/test/__mocks__/v7-security-report-table-data.json b/test/__mocks__/v7-security-report-table-data.json
@@ -3,7 +3,7 @@
     "\u001b[33m1555\u001b[0m",
     "\u001b[33mbl\u001b[0m",
     "\u001b[33mRemote Memory Exposure\u001b[0m",
-    "\u001b[33mnode_modules/bl\u001b[0m",
+    "\u001b[33mbl\u001b[0m",
     "\u001b[33m\u001b[41mcritical\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1555\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -12,7 +12,7 @@
     "\u001b[33m1213\u001b[0m",
     "\u001b[33mdot-prop\u001b[0m",
     "\u001b[33mPrototype Pollution\u001b[0m",
-    "\u001b[33mnode_modules/dot-prop\u001b[0m",
+    "\u001b[33mdot-prop\u001b[0m",
     "\u001b[33m\u001b[41mhigh\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1213\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -21,7 +21,7 @@
     "\u001b[33m1589\u001b[0m",
     "\u001b[33mini\u001b[0m",
     "\u001b[33mPrototype Pollution\u001b[0m",
-    "\u001b[33mnode_modules/fsevents/node_modules/ini\nnode_modules/ini\u001b[0m",
+    "\u001b[33mfsevents>ini\nini\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1589\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -30,7 +30,7 @@
     "\u001b[33m1523\u001b[0m",
     "\u001b[33mlodash\u001b[0m",
     "\u001b[33mPrototype Pollution\u001b[0m",
-    "\u001b[33mnode_modules/lodash\u001b[0m",
+    "\u001b[33mlodash\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1523\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -39,7 +39,7 @@
     "\u001b[33m1084\u001b[0m",
     "\u001b[33mmem\u001b[0m",
     "\u001b[33mDenial of Service\u001b[0m",
-    "\u001b[33mnode_modules/loopback-connector-rest/node_modules/mem\u001b[0m",
+    "\u001b[33mloopback-connector-rest>mem\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1084\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -48,7 +48,7 @@
     "\u001b[33m1179\u001b[0m",
     "\u001b[33mminimist\u001b[0m",
     "\u001b[33mPrototype Pollution\u001b[0m",
-    "\u001b[33mnode_modules/mocha/node_modules/minimist\u001b[0m",
+    "\u001b[33mmocha>minimist\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1179\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -57,7 +57,7 @@
     "\u001b[33m1556\u001b[0m",
     "\u001b[33mnode-fetch\u001b[0m",
     "\u001b[33mDenial of Service\u001b[0m",
-    "\u001b[33mnode_modules/node-fetch\u001b[0m",
+    "\u001b[33mnode-fetch\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1556\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -66,7 +66,7 @@
     "\u001b[33m975\u001b[0m",
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mReverse Tabnapping\u001b[0m",
-    "\u001b[33mnode_modules/swagger-ui\u001b[0m",
+    "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/975\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -75,7 +75,7 @@
     "\u001b[33m976\u001b[0m",
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mCross-Site Scripting\u001b[0m",
-    "\u001b[33mnode_modules/swagger-ui\u001b[0m",
+    "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/976\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -84,7 +84,7 @@
     "\u001b[33m985\u001b[0m",
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mCross-Site Scripting\u001b[0m",
-    "\u001b[33mnode_modules/swagger-ui\u001b[0m",
+    "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/985\u001b[0m",
     "\u001b[33mn\u001b[0m"
@@ -93,7 +93,7 @@
     "\u001b[33m1500\u001b[0m",
     "\u001b[33myargs-parser\u001b[0m",
     "\u001b[33mPrototype Pollution\u001b[0m",
-    "\u001b[33mnode_modules/mocha/node_modules/yargs-parser\nnode_modules/yargs-unparser/node_modules/yargs-parser\u001b[0m",
+    "\u001b[33mmocha>yargs-parser\nyargs-unparser>yargs-parser\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1500\u001b[0m",
     "\u001b[33mn\u001b[0m"

diff --git a/test/utils/common.test.ts b/test/utils/common.test.ts
@@ -1,5 +1,5 @@
 import { expect } from 'chai';
-import { isWholeNumber, isJsonString } from '../../src/utils/common';
+import { isWholeNumber, isJsonString, shortenNodePath } from '../../src/utils/common';
 
 describe('Common utils', () => {
   describe('#isJsonString', () => {
@@ -28,6 +28,17 @@ describe('Common utils', () => {
       expect(isWholeNumber('0920')).to.equal(true);
     });
   });
+
+  describe('#shortenNodePath', () => {
+    it('should be able to shorten node path correctly', () => {
+      expect(shortenNodePath('node_modules/nodemon')).to.equal('nodemon');
+      expect(
+        shortenNodePath(
+          'node_modules/nodemon/node_modules/chokidar/node_modules/fsevents/node_modules/node-pre-gyp/node_modules/rc/node_modules/ini',
+        ),
+      ).to.equal('nodemon>chokidar>fsevents>node-pre-gyp>rc>ini');
+    });
+  });
 });
 
 export {};