audit: add support for --parseable output (#20554)
PR-URL: #20554
Credit: @luislobo
Reviewed-By: @zkat
Reviewed-By: @iarna
luislobo authored and zkat committed Jul 10, 2018
1 parent 7381783 commit 244b18380ee55950b13c293722771130dbad70de
Showing with 31 additions and 5 deletions.
  1. +13 −1 doc/cli/npm-audit.md
  2. +8 −4 lib/audit.js
  3. +10 −0 lib/install/audit.js
@@ -3,7 +3,7 @@ npm-audit(1) -- Run a security audit

## SYNOPSIS

npm audit [--json]
npm audit [--json|--parseable]
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]

## EXAMPLES
@@ -48,6 +48,18 @@ Get the detailed audit report in JSON format:
$ npm audit --json
```

Get the detailed audit report in plain text result, separated by tab characters, allowing for
future reuse in scripting or command line post processing, like for example, selecting
some of the columns printed:
```
$ npm audit --parseable
```

To parse columns, you can use for example `awk`, and just print some of them:
```
$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
```

## DESCRIPTION

The audit command submits a description of the dependencies configured in
@@ -104,7 +104,7 @@ function maybeReadFile (name) {
}
})
.catch({code: 'ENOENT'}, () => null)
.catch(ex => {
.catch((ex) => {
ex.file = file
throw ex
})
@@ -156,7 +156,7 @@ function auditCmd (args, cb) {
(pkgJson && pkgJson.dependencies) || {},
(pkgJson && pkgJson.devDependencies) || {}
)
return lockVerify(npm.prefix).then(result => {
return lockVerify(npm.prefix).then((result) => {
if (result.status) return audit.generate(sw, requires)

const lockFile = shrinkwrap ? 'npm-shrinkwrap.json' : 'package-lock.json'
@@ -167,7 +167,7 @@ function auditCmd (args, cb) {
})
}).then((auditReport) => {
return audit.submitForFullReport(auditReport)
}).catch(err => {
}).catch((err) => {
if (err.statusCode === 404 || err.statusCode >= 500) {
const ne = new Error(`Your configured registry (${npm.config.get('registry')}) does not support audit requests.`)
ne.code = 'ENOAUDIT'
@@ -262,7 +262,11 @@ function auditCmd (args, cb) {
auditResult.metadata.vulnerabilities.high +
auditResult.metadata.vulnerabilities.critical
if (vulns > 0) process.exitCode = 1
return audit.printFullReport(auditResult)
if (npm.config.get('parseable')) {
return audit.printParseableReport(auditResult)
} else {
return audit.printFullReport(auditResult)
}
}
}).asCallback(cb)
}
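Review bot: The new `if (npm.config.get('parseable'))` branch is tested before anything that consults `json`, so `npm audit --json --parseable` would presumably print the tab-separated report, while the updated synopsis presents the two flags as alternatives. Scripts that gate a build on this output need to know which format they will get, so the precedence should be stated at the point of choice, for example `// --parseable wins over --json when both are set` above the `if`, or the combination should be rejected. How `printFullReport` selects the JSON reporter is not visible in this section, so the precedence is inferred from branch order only. The `else` after `return` is redundant, and auditCmd begins outside the hunk.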
@@ -4,6 +4,7 @@ exports.generateFromInstall = generateFromInstall
exports.submitForInstallReport = submitForInstallReport
exports.submitForFullReport = submitForFullReport
exports.printInstallReport = printInstallReport
exports.printParseableReport = printParseableReport
exports.printFullReport = printFullReport

const Bluebird = require('bluebird')
@@ -112,6 +113,15 @@ function printFullReport (auditResult) {
}).then(result => output(result.report))
}

function printParseableReport (auditResult) {
return auditReport(auditResult, {
log: output,
reporter: 'parseable',
withColor: npm.color,
withUnicode: npm.config.get('unicode')
}).then(result => output(result.report))
}

function generate (shrinkwrap, requires, diffs, install, remove) {
const sw = cloneDeep(shrinkwrap)
delete sw.lockfileVersion
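Review bot: `printParseableReport` forwards `withColor: npm.color` and `withUnicode` to the `parseable` reporter, although the documentation describes this output as input for tools such as `awk`. If the reporter honours those options, colour escapes or non-ASCII glyphs could land inside columns; the reporter is not visible here, so this may be harmless, but `withColor: false` would make the intent explicit. The advisory text comes from the registry response, so a comment such as `// rows are tab-separated; the reporter must strip tabs/newlines from advisory fields` would record who keeps rows intact for downstream scripts. The function also repeats the tail of `printFullReport` visible just above it, and a shared helper taking the reporter name would stop the two drifting apart.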
