Commit 39510e1

fix: print quick audit report for human output
This was broken when the support/funding functionality changed the return value to no longer track the promise for the quick audit printing. It was not caught by tests, because they were only running against the --json output, and not verifying the quick audit results in any way. Added a test to track the --json quick audit results (which were not broken, but someday could become so) and the human printed quick audit results (which were broken). Paired with @ruyadorno @mikemimik
1 parent 9c7161d commit 39510e1

5 files changed

+134
-15
lines changed


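--- a/lib/install.js
+++ b/lib/install.js
@@ -877,9 +877,6 @@ Installer.prototype.printInstalledForHuman = function (diffs, auditResult) {
 report += ' in ' + ((Date.now() - this.started) / 1000) + 's'
 
 output(report)
-if (auditResult) {
-audit.printInstallReport(auditResult)
-}
 
 function packages (num) {
 return num + ' package' + (num > 1 ? 's' : '')
@@ -910,6 +907,10 @@ Installer.prototype.printInstalledForHuman = function (diffs, auditResult) {
 if (printFundingReport.length) {
 output(printFundingReport)
 }
+
+if (auditResult) {
+return audit.printInstallReport(auditResult)
+}
 }
 
 Installer.prototype.printInstalledForJSON = function (diffs, auditResult) {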
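Review bot: printInstalledForHuman now returns the audit promise only when auditResult is set (new lines 911-913) and undefined otherwise, so any caller chaining on the return value still has to tolerate the no-audit case; a one-line comment would make that contract explicit, e.g. `// return the report promise so the caller can wait for the audit output before exiting`. Moving the block also changes the printed order: the funding report is now written before the audit report, which the commit message does not mention. The function's body starts and continues outside both hunks, so how the caller consumes the return value cannot be confirmed from here.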

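--- a/lib/install/fund.js
+++ b/lib/install/fund.js
@@ -39,8 +39,8 @@ function getPrintFundingReport ({ fund, idealTree }, opts) {
 
 return padding('') + length + ' ' +
 packageQuantity(length) +
-' looking for funding.' +
-padding('Run "npm fund" to find out more.')
+' looking for funding' +
+padding(' run `npm fund` for details\n')
 }
 
 function getPrintFundingReportJSON ({ fund, idealTree }) {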
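Review bot: The trailing '\n' appended inside the padding(...) call on new line 43 hard-codes a line ending, while the updated expectations in test/tap/install.fund.js are written with `${EOL}`; if padding passes its argument through unchanged, that test would fail on a platform where EOL is '\r\n'. Either build the string with the same `require('os').EOL` the test uses, or drop the trailing newline and let the caller's output() terminate the line. The enclosing getPrintFundingReport starts outside the hunk, so what padding actually does to the string is not visible here.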

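--- a/test/tap/audit.js
+++ b/test/tap/audit.js
@@ -27,6 +27,66 @@ function tmock (t) {
 })
 }
 
+const quickAuditResult = {
+actions: [],
+advisories: {
+'1316': {
+findings: [
+{
+version: '1.0.0',
+paths: [
+'baddep'
+]
+}
+],
+'id': 1316,
+'created': '2019-11-14T15:29:41.991Z',
+'updated': '2019-11-14T19:35:30.677Z',
+'deleted': null,
+'title': 'Arbitrary Code Execution',
+'found_by': {
+'link': '',
+'name': 'François Lajeunesse-Robert',
+'email': ''
+},
+'reported_by': {
+'link': '',
+'name': 'François Lajeunesse-Robert',
+'email': ''
+},
+'module_name': 'baddep',
+'cves': [],
+'vulnerable_versions': '<4.5.2',
+'patched_versions': '>=4.5.2',
+'overview': 'a nice overview of the advisory',
+'recommendation': 'how you should fix it',
+'references': '',
+'access': 'public',
+'severity': 'high',
+'cwe': 'CWE-79',
+'metadata': {
+'module_type': '',
+'exploitability': 6,
+'affected_components': ''
+},
+'url': 'https://npmjs.com/advisories/1234542069'
+}
+},
+'muted': [],
+'metadata': {
+'vulnerabilities': {
+'info': 0,
+'low': 0,
+'moderate': 0,
+'high': 1,
+'critical': 0
+},
+'dependencies': 1,
+'devDependencies': 0,
+'totalDependencies': 1
+}
+}
+
 test('exits with zero exit code for vulnerabilities below the `audit-level` flag', t => {
 const fixture = new Tacks(new Dir({
 'package.json': new File({
@@ -40,7 +100,7 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
 fixture.create(testDir)
 return tmock(t).then(srv => {
 srv.filteringRequestBody(req => 'ok')
-srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, 'yeah')
+srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, quickAuditResult)
 srv.get('/baddep').twice().reply(200, {
 name: 'baddep',
 'dist-tags': {
@@ -75,6 +135,8 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
 '--registry', common.registry,
 '--cache', path.join(testDir, 'npm-cache')
 ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+const result = JSON.parse(stdout)
+t.same(result.audit, quickAuditResult, 'printed quick audit result')
 srv.filteringRequestBody(req => 'ok')
 srv.post('/-/npm/v1/security/audits', 'ok').reply(200, {
 actions: [{
@@ -102,6 +164,62 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
 })
 })
 
+test('shows quick audit results summary for human', t => {
+const fixture = new Tacks(new Dir({
+'package.json': new File({
+name: 'foo',
+version: '1.0.0',
+dependencies: {
+baddep: '1.0.0'
+}
+})
+}))
+fixture.create(testDir)
+return tmock(t).then(srv => {
+srv.filteringRequestBody(req => 'ok')
+srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, quickAuditResult)
+srv.get('/baddep').twice().reply(200, {
+name: 'baddep',
+'dist-tags': {
+'latest': '1.2.3'
+},
+versions: {
+'1.0.0': {
+name: 'baddep',
+version: '1.0.0',
+_hasShrinkwrap: false,
+dist: {
+shasum: 'deadbeef',
+tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+}
+},
+'1.2.3': {
+name: 'baddep',
+version: '1.2.3',
+_hasShrinkwrap: false,
+dist: {
+shasum: 'deadbeef',
+tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+}
+}
+}
+})
+return common.npm([
+'install',
+'--audit',
+'--no-json',
+'--package-lock-only',
+'--registry', common.registry,
+'--cache', path.join(testDir, 'npm-cache')
+], EXEC_OPTS).then(([code, stdout, stderr]) => {
+t.match(stdout, new RegExp('added 1 package and audited 1 package in .*\\n' +
+'found 1 high severity vulnerability\\n' +
+' run `npm audit fix` to fix them, or `npm audit` for details\\n'),
+'shows quick audit result')
+})
+})
+})
+
 test('exits with non-zero exit code for vulnerabilities at the `audit-level` flag', t => {
 const fixture = new Tacks(new Dir({
 'package.json': new File({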
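Review bot: The new 'shows quick audit results summary for human' test (new lines 214-218) destructures code and stderr but asserts only on stdout, so a non-zero exit after the summary has been printed would still pass; adding `t.is(code, 0, 'installed successfully')` next to the stdout match, as the funding tests in this commit do, pins the exit status. The shared quickAuditResult fixture is a mutable module-level object used by both tests; it only feeds the mock registry and a t.same comparison today, but wrapping it in `Object.freeze` would keep a later test from altering it unnoticed. The second and third hunks cut through the first test, whose body continues outside them.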

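--- a/test/tap/install-mention-funding.js
+++ b/test/tap/install-mention-funding.js
@@ -68,8 +68,8 @@ test('mention npm fund upon installing single dependency', function (t) {
 if (err) throw err
 t.is(code, 0, 'installed successfully')
 t.is(stderr, '', 'no warnings')
-t.includes(stdout, '1 package is looking for funding.', 'should print amount of packages needing funding')
-t.includes(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+t.includes(stdout, '1 package is looking for funding', 'should print amount of packages needing funding')
+t.includes(stdout, ' run `npm fund` for details', 'should print npm fund mention')
 t.end()
 })
 })
@@ -80,8 +80,8 @@ test('mention npm fund upon installing multiple dependencies', function (t) {
 if (err) throw err
 t.is(code, 0, 'installed successfully')
 t.is(stderr, '', 'no warnings')
-t.includes(stdout, '4 packages are looking for funding.', 'should print amount of packages needing funding')
-t.includes(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+t.includes(stdout, '4 packages are looking for funding', 'should print amount of packages needing funding')
+t.includes(stdout, ' run `npm fund` for details', 'should print npm fund mention')
 t.end()
 })
 })
@@ -92,8 +92,8 @@ test('skips mention npm fund using --no-fund option', function (t) {
 if (err) throw err
 t.is(code, 0, 'installed successfully')
 t.is(stderr, '', 'no warnings')
-t.doesNotHave(stdout, '4 packages are looking for funding.', 'should print amount of packages needing funding')
-t.doesNotHave(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+t.doesNotHave(stdout, '4 packages are looking for funding', 'should print amount of packages needing funding')
+t.doesNotHave(stdout, ' run `npm fund` for details', 'should print npm fund mention')
 t.end()
 })
 })
@@ -105,7 +105,7 @@ test('mention packages looking for funding using --json', function (t) {
 t.is(code, 0, 'installed successfully')
 t.is(stderr, '', 'no warnings')
 const res = JSON.parse(stdout)
-t.match(res.funding, '4 packages are looking for funding.', 'should print amount of packages needing funding')
+t.match(res.funding, '4 packages are looking for funding', 'should print amount of packages needing funding')
 t.end()
 })
 })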

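--- a/test/tap/install.fund.js
+++ b/test/tap/install.fund.js
@@ -55,7 +55,7 @@ test('print appropriate message for a single package', (t) => {
 ]
 }
 }),
-`${EOL}1 package is looking for funding.${EOL}Run "npm fund" to find out more.`,
+`${EOL}1 package is looking for funding${EOL} run \`npm fund\` for details${EOL}`,
 'should print single package message'
 )
 t.end()
@@ -93,7 +93,7 @@ test('print appropriate message for many packages', (t) => {
 ]
 }
 }),
-`${EOL}3 packages are looking for funding.${EOL}Run "npm fund" to find out more.`,
+`${EOL}3 packages are looking for funding${EOL} run \`npm fund\` for details${EOL}`,
 'should print many package message'
 )
 t.end()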
