From 27a7cb3bb31dda0d990f4686eb8b7b20085cfa79 Mon Sep 17 00:00:00 2001
From: Jee Mok
Date: Sat, 17 Aug 2024 13:03:03 +0800
Subject: [PATCH] Use "--omit=dev" internally on newer npm version
---
 README.md | 7 +-
 package-lock.json | 280 +++++++++++------------------------
 package.json | 2 +
 src/handlers/handleInput.ts | 16 ++-
 src/utils/npm.ts | 11 ++
 test/handlers/flags.test.ts | 2 +-
 tsconfig.json | 4 +-
 7 files changed, 113 insertions(+), 209 deletions(-)
 create mode 100644 src/utils/npm.ts
diff --git a/README.md b/README.md
index 905ee1a..ba9b74d 100644
--- a/README.md
+++ b/README.md
@@ -4,10 +4,7 @@ The goal of this project is to provide additional features on top of the existin
 [![NPM](https://nodei.co/npm/better-npm-audit.png)](https://npmjs.org/package/better-npm-audit)
-![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square) ![npm downloads](https://img.shields.io/npm/d18m/better-npm-audit
-) ![node current](https://img.shields.io/node/v/better-npm-audit
-) ![node support](https://img.shields.io/badge/node-up_to_v22-brightgreen
-) ![npm vulnerability](https://snyk.io/test/github/jeemok/better-npm-audit/badge.svg?targetFile=package.json) ![GitHub issues](https://img.shields.io/github/issues/jeemok/better-npm-audit?style=flat-square) ![npm bundle size](https://img.shields.io/bundlephobia/minzip/better-npm-audit?style=flat-square) ![Languages](https://img.shields.io/github/languages/top/jeemok/better-npm-audit?style=flat-square)
+![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square) ![npm downloads](https://img.shields.io/npm/d18m/better-npm-audit) ![node current](https://img.shields.io/node/v/better-npm-audit) ![node support](https://img.shields.io/badge/node-up_to_v22-brightgreen) ![npm vulnerability](https://snyk.io/test/github/jeemok/better-npm-audit/badge.svg?targetFile=package.json) ![GitHub issues](https://img.shields.io/github/issues/jeemok/better-npm-audit?style=flat-square) ![npm bundle size](https://img.shields.io/bundlephobia/minzip/better-npm-audit?style=flat-square) ![Languages](https://img.shields.io/github/languages/top/jeemok/better-npm-audit?style=flat-square)
 ## NPM version 6 and 7, and 8
@@ -81,7 +78,7 @@ npm run audit
 | `--exclude` | `-x` | Exceptions or the vulnerabilities ID(s) to exclude; the ID can be the numeric ID, CVE, CWE or GHSA ID |
 | `--module-ignore` | `-m` | Names of modules to exclude |
 | `--level` | `-l` | The minimum audit level to validate; Same as the original `--audit-level` flag |
-| `--production` | `-p` | Skip checking the `devDependencies` |
+| `--production` | `-p` | Skip the `devDependencies` |
 | `--registry` | `-r` | The npm registry url to use |
diff --git a/package-lock.json b/package-lock.json index 1aaac23..331a688 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,6 +12,7 @@ "commander": "^8.0.0", "dayjs": "^1.10.6", "lodash.get": "^4.4.2", + "semver": "^7.6.3", "table": "^6.7.1" }, "bin": { @@ -22,6 +23,7 @@ "@types/lodash.get": "^4.4.6", "@types/mocha": "^8.2.3", "@types/node": "^16.0.0", + "@types/semver": "^7.5.8", "@types/sinon": "^10.0.2", "@typescript-eslint/eslint-plugin": "^4.28.2", "@typescript-eslint/parser": "^4.28.2", @@ -50,18 +52,29 @@ } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.12.11", + "version": "7.24.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz", + "integrity": "sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==", "dev": true, - "license": "MIT" + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } }, "node_modules/@babel/highlight": { - "version": "7.13.10", + "version": "7.24.7", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz", + "integrity": "sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==", "dev": true, "license": "MIT", "dependencies": { - "@babel/helper-validator-identifier": "^7.12.11", - "chalk": "^2.0.0", - "js-tokens": "^4.0.0" + "@babel/helper-validator-identifier": "^7.24.7", + "chalk": "^2.4.2", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" + }, + "engines": { + "node": ">=6.9.0" } }, "node_modules/@babel/highlight/node_modules/ansi-styles": { 
@@ -297,6 +310,13 @@ "dev": true, "license": "MIT" }, + "node_modules/@types/semver": { + "version": "7.5.8", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz", + "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/sinon": { "version": "10.0.2", "dev": true, @@ -523,6 +543,15 @@ "node": ">=6" } }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/ansi-styles": { "version": "4.3.0", "license": "MIT", @@ -739,48 +768,6 @@ "wrap-ansi": "^7.0.0" } }, - "node_modules/cliui/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/cliui/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/cliui/node_modules/string-width": { - "version": "4.2.0", - "dev": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/cliui/node_modules/strip-ansi": { - "version": "6.0.0", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/color-convert": { "version": "2.0.1", "license": "MIT", 
@@ -927,7 +914,9 @@ } }, "node_modules/escalade": { - "version": "3.1.1", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", "dev": true, "license": "MIT", "engines": { @@ -1082,16 +1071,6 @@ "node": ">=10" } }, - "node_modules/eslint/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/eslint/node_modules/argparse": { "version": "1.0.10", "dev": true, @@ -1112,17 +1091,6 @@ "js-yaml": "bin/js-yaml.js" } }, - "node_modules/eslint/node_modules/strip-ansi": { - "version": "6.0.0", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/espree": { "version": "7.3.1", "dev": true, @@ -1523,6 +1491,15 @@ "node": ">=0.10.0" } }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/is-glob": { "version": "4.0.1", "dev": true, @@ -1929,6 +1906,13 @@ "node": "*" } }, + "node_modules/picocolors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz", + "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==", + "dev": true, + "license": "ISC" + }, "node_modules/picomatch": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", 
@@ -2133,7 +2117,6 @@ "version": "7.6.3", "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", - "dev": true, "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -2230,13 +2213,6 @@ "url": "https://github.com/chalk/slice-ansi?sponsor=1" } }, - "node_modules/slice-ansi/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/source-map": { "version": "0.6.1", "dev": true, @@ -2259,6 +2235,32 @@ "dev": true, "license": "BSD-3-Clause" }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "dev": true, 
@@ -2313,48 +2315,10 @@ "url": "https://github.com/sponsors/epoberezkin" } }, - "node_modules/table/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/table/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/table/node_modules/json-schema-traverse": { "version": "1.0.0", "license": "MIT" }, - "node_modules/table/node_modules/string-width": { - "version": "4.2.2", - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/table/node_modules/strip-ansi": { - "version": "6.0.0", - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/text-table": { "version": "0.2.0", "dev": true, 
@@ -2537,48 +2501,6 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, - "node_modules/wrap-ansi/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/wrap-ansi/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/wrap-ansi/node_modules/string-width": { - "version": "4.2.0", - "dev": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/wrap-ansi/node_modules/strip-ansi": { - "version": "6.0.0", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/wrappy": { "version": "1.0.2", "dev": true, 
@@ -2633,48 +2555,6 @@ "node": ">=10" } }, - "node_modules/yargs/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/yargs/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/yargs/node_modules/string-width": { - "version": "4.2.0", - "dev": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/yargs/node_modules/strip-ansi": { - "version": "6.0.0", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/yn": { "version": "3.1.1", "dev": true, diff --git a/package.json b/package.json index dbfeb80..2c773c6 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,7 @@ "commander": "^8.0.0", "dayjs": "^1.10.6", "lodash.get": "^4.4.2", + "semver": "^7.6.3", "table": "^6.7.1" }, "devDependencies": { @@ -39,6 +40,7 @@ "@types/lodash.get": "^4.4.6", "@types/mocha": "^8.2.3", "@types/node": "^16.0.0", + "@types/semver": "^7.5.8", "@types/sinon": "^10.0.2", "@typescript-eslint/eslint-plugin": "^4.28.2", "@typescript-eslint/parser": "^4.28.2", diff --git a/src/handlers/handleInput.ts b/src/handlers/handleInput.ts index e6ad013..e24032f 100644 --- a/src/handlers/handleInput.ts +++ b/src/handlers/handleInput.ts 
@@ -1,8 +1,22 @@
 import get from 'lodash.get';
+import semver from 'semver';
 import { AuditLevel, CommandOptions } from 'src/types';
+import { getNpmVersion } from '../utils/npm';
 import { readFile } from '../utils/file';
 import { getExceptionsIds } from '../utils/vulnerability';
+/**
+ * Get the `npm audit` flag to audit only production dependencies.
+ * @return {String} The flag.
+ */
+function getProductionOnlyOption() {
+ const npmVersion = getNpmVersion();
+ if (semver.satisfies(npmVersion, '<=8.13.2')) {
+ return '--production';
+ } else {
+ return '--omit=dev';
+ }
+}
 /**
 * Handle user's input
 * @param {Object} options User's command options or flags
@@ -13,7 +27,7 @@ export default function handleInput(options: CommandOptions, fn: (T1: string, T2
 const auditCommand: string = [
 'npm audit',
 // flags
- get(options, 'production') ? '--production' : '',
+ get(options, 'production') ? getProductionOnlyOption() : '',
 get(options, 'registry') ? `--registry=${options.registry}` : '',
 ]
 .filter(Boolean)
diff --git a/src/utils/npm.ts b/src/utils/npm.ts
new file mode 100644
index 0000000..0fb28e0
--- /dev/null
+++ b/src/utils/npm.ts
@@ -0,0 +1,11 @@
+import { exec } from 'child_process';
+import { Readable } from 'stream';
+
+/**
+ * Get the current npm version
+ * @return {String} The npm version
+ */
+export function getNpmVersion(): string {
+ const version = exec('npm --version');
+ return (version.stdout as Readable).toString();
+}
\ No newline at end of file
diff --git a/test/handlers/flags.test.ts b/test/handlers/flags.test.ts
index d3c06f6..8268b71 100644
--- a/test/handlers/flags.test.ts
+++ b/test/handlers/flags.test.ts
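Review bot: `getProductionOnlyOption` treats any version string that semver cannot parse as a new npm, because `semver.satisfies` returns false for invalid input and the function then falls through to `--omit=dev`; an npm at or below the commit's own 8.13.2 boundary would then be invoked with a flag it does not recognise, and nothing surfaces the failed detection. Normalise the value first and fail loudly when it is unusable, e.g. `const npmVersion = semver.coerce(getNpmVersion());` / `if (npmVersion === null) throw new Error('unable to determine npm version');` / `return semver.lte(npmVersion, '8.13.2') ? '--production' : '--omit=dev';`. A short why-comment on the branch would also help the next reader: `// npm <= 8.13.2 only understands --production; later versions use --omit=dev`. The body of `handleInput` in the second hunk continues outside the hunk.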
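Review bot: `getNpmVersion` never yields a version string: `exec` from `child_process` is asynchronous and returns a `ChildProcess`, so `version.stdout` is a stream object and `.toString()` on it produces `[object Object]` rather than the npm output. The caller in `handleInput.ts` consequently always falls back to `--omit=dev`, which is why the updated flags test passes regardless of the installed npm. Use the synchronous, shell-free form and strip the trailing newline: `import { execFileSync } from 'child_process';` / `return execFileSync('npm', ['--version'], { encoding: 'utf8' }).trim();` — the `Readable` import and the `as Readable` cast then go away. A failed spawn propagates as a thrown error, so the docblock should carry `@throws` and the caller should expect it.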
@@ -92,7 +92,7 @@ describe('Flags', () => {
 it('should be able to set production mode from the command flag correctly', () => {
 const callbackStub = sinon.stub();
 const options = { production: true };
- const auditCommand = 'npm audit --production';
+ const auditCommand = 'npm audit --omit=dev';
 const auditLevel = 'info';
 const exceptionIds: string[] = [];
diff --git a/tsconfig.json b/tsconfig.json
index e1ae4c5..9f71a61 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -3,13 +3,13 @@
 "target": "es5",
 "module": "commonjs",
 "lib": [
- "ES2018"
+ "ES2018",
 ],
 "outDir": "lib",
 "strict": true,
 "types": [
 "node",
- "mocha"
+ "mocha",
 ],
 "esModuleInterop": true,
 "resolveJsonModule": true,
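Review bot: The production-mode test now pins `npm audit --omit=dev`, but the command `handleInput` builds is meant to depend on the npm version found on the machine running the suite, so this expectation is environment-dependent and exercises only one branch of `getProductionOnlyOption`. Stub the version lookup with the sinon already in scope — e.g. `sinon.stub(npmUtils, 'getNpmVersion').returns('8.13.2')` for one case and `'8.14.0'` for the other, with `npmUtils` being a namespace import of the npm util module (constructed name; path per the project layout) — and assert `--production` and `--omit=dev` respectively. This works provided `handleInput` resolves `getNpmVersion` through the module object at call time, which the commonjs emit in tsconfig suggests but I cannot confirm from the hunk. The `it` block continues outside the hunk.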
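Review bot: The two trailing commas added to the `lib` and `types` arrays are unrelated to the npm flag change and make tsconfig.json invalid as strict JSON; tsc tolerates them, but any tool that reads the file with a plain JSON parser will fail on it. Unless there is a reason for them, keep the original `"ES2018"` and `"mocha"` lines, or move the change to its own commit with a note explaining it.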