'use strict';
var exec = require('child_process').exec;
var process = require('process');
// Command-line flags. The four severity switches are read by parseMessage
// to decide which audit result fails the run; `critical` is the only one
// enabled by default. `report` additionally echoes the raw npm audit output.
const cliOptions = {
  l: {
    alias: 'low',
    default: false,
    describe: 'Exit even for low vulnerabilities',
    type: 'boolean',
  },
  m: {
    alias: 'moderate',
    default: false,
    describe: 'Exit only when moderate or above vulnerabilities',
    type: 'boolean',
  },
  h: {
    alias: 'high',
    default: false,
    describe: 'Exit only when high or above vulnerabilities',
    type: 'boolean',
  },
  c: {
    alias: 'critical',
    default: true,
    describe: 'Exit only for critical vulnerabilities',
    type: 'boolean',
  },
  r: {
    alias: 'report',
    default: false,
    describe: 'Show npm audit report',
    type: 'boolean',
  },
};

// `--help` is the only help flag, leaving `-h` free for `--high`.
const argv = require('yargs').options(cliOptions).help('help').argv;
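/**
 * Map npm audit's severity summary line to the severity level that should
 * fail the run, according to the enabled CLI flags.
 *
 * A count for each severity is the number that directly precedes the words
 * "low", "moderate", "high" and "critical" (case-insensitive), with no other
 * digits in between. Each severity is looked up independently, so the order
 * of the severities on the line, or unrelated numbers elsewhere on it, do not
 * prevent a count from being read. A severity that is not mentioned counts as
 * zero. Flags are checked from most to least severe, and a lower flag is also
 * triggered by any higher severity being present.
 *
 * @param {string} severityline - Line from the audit output; anything that is
 *   not a string containing "Severity:" yields ''.
 * @param {{low?: boolean, moderate?: boolean, high?: boolean, critical?: boolean}} [argv={}]
 *   Enabled severity flags (yargs argv or any object with these keys).
 * @returns {'CRITICAL'|'HIGH'|'MODERATE'|'LOW'|''} Highest enabled level that
 *   is triggered, or '' when none is.
 */
const parseMessage = (severityline, argv = {}) => {
  if (typeof severityline !== 'string' || !severityline.includes('Severity:')) {
    return '';
  }

  // The capture is the digit run immediately before the severity word; `\D+`
  // cannot cross another number, so "3 total, 1 low" yields 1, not 3.
  const countBefore = (pattern) => {
    const match = severityline.match(pattern);
    return match ? Number.parseInt(match[1], 10) : 0;
  };

  const lowCount = countBefore(/(\d+)\D+low/i);
  const moderateCount = countBefore(/(\d+)\D+moderate/i);
  const highCount = countBefore(/(\d+)\D+high/i);
  const criticalCount = countBefore(/(\d+)\D+critical/i);

  // Each level is "hit" when it or anything above it has a non-zero count.
  const criticalHit = criticalCount > 0;
  const highHit = criticalHit || highCount > 0;
  const moderateHit = highHit || moderateCount > 0;
  const lowHit = moderateHit || lowCount > 0;

  if (argv.critical && criticalHit) {
    return 'CRITICAL';
  }
  if (argv.high && highHit) {
    return 'HIGH';
  }
  if (argv.moderate && moderateHit) {
    return 'MODERATE';
  }
  if (argv.low && lowHit) {
    return 'LOW';
  }
  return '';
};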
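/**
 * Run `npm audit` and fail the process when the report reaches the severity
 * selected by the CLI flags.
 *
 * Outcomes:
 *  - output contains "[+] no known vulnerabilities found": logs SUCCESS and
 *    returns (exit code 0);
 *  - the last non-empty output line maps to a severity via parseMessage:
 *    logs FAILURE (with that line unless --report already printed the
 *    whole output) and exits with code 1;
 *  - otherwise the last line is echoed (unless --report) and the process
 *    exits normally;
 *  - `npm audit` produced no output and exec reported an error: the error is
 *    logged and the process exits with code 1, so a run in which the audit
 *    could not execute is not reported as a clean one.
 *
 * Uses the module-level `exec`, `argv`, `process` and `parseMessage`.
 */
const run = () => {
  // Severity values that fail the build; anything else falls through to echo.
  const failingLevels = new Set(['CRITICAL', 'HIGH', 'MODERATE', 'LOW']);

  // exec caps captured output at 1 MiB by default and kills the child when
  // that is exceeded; lift the cap so a long report is not truncated.
  const execOptions = { maxBuffer: 16 * 1024 * 1024 };

  exec('npm audit', execOptions, (error, stdout) => {
    if (stdout) {
      if (stdout.includes('[+] no known vulnerabilities found')) {
        console.log('No issues :: SUCCESS');
        return;
      }
      if (argv.report) {
        console.log(stdout);
      }

      // The last non-empty line is treated as the severity summary.
      const lines = stdout.split('\n').filter((line) => line);
      const severityline = lines[lines.length - 1];
      const severityType = parseMessage(severityline, argv);

      if (!failingLevels.has(severityType)) {
        if (!argv.report) {
          console.log(severityline);
        }
        return;
      }

      // Without --report the summary line is the only detail the user sees.
      const message = argv.report
        ? `FAILURE :: ${severityType}`
        : `FAILURE :: ${severityType} :: ${severityline}`;
      console.log(message);
      process.exit(1);
      return;
    }

    if (error !== null) {
      // No output at all: the audit itself failed to run. Fail closed rather
      // than let the build pass without an audit result.
      console.log(`exec error: ${error}`);
      process.exit(1);
    }
  });
};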
// Public surface: `run` is the CLI entry point; `parseMessage` is exported
// alongside it.
module.exports = { run, parseMessage };