path: root/deps/npm/node_modules/npm-audit-report/lib/reporters/install.js
blob: fe53be3adad76b256a0260e85232e523a3014afb (plain)
const colors = require('../colors.js')

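/**
 * Build the short audit text shown after an install.
 *
 * Reads the per-severity counts from `data.metadata.vulnerabilities` and the
 * `fixAvailable` field of every entry in `data.vulnerabilities`, then
 * assembles a headline plus the remediation hints that apply.
 *
 * @param {object} data - audit result; must carry `metadata.vulnerabilities`
 *   (with a `total` count) and a `vulnerabilities` map.
 * @param {object} opt - options; only `color` is read and it is handed to
 *   the `colors` helper.
 * @returns {{summary: string, report: string}} `summary` is the headline and
 *   hints; `report` is the same text followed by a pointer to `npm audit`
 *   whenever at least one vulnerability was counted.
 */
const calculate = (data, { color }) => {
  const c = colors(color)
  const output = []
  const { metadata: { vulnerabilities } } = data
  const vulnCount = vulnerabilities.total

  let someFixable = false
  let someForceFixable = false
  let forceFixSemVerMajor = false
  let someUnfixable = false

  if (vulnCount === 0) {
    output.push(`found ${c.green('0')} vulnerabilities`)
  } else {
    // fixAvailable is read three ways here: `true` (plain fix), `false`
    // (no fix), or an object describing a fix that needs --force.
    for (const { fixAvailable } of Object.values(data.vulnerabilities)) {
      someFixable = someFixable || fixAvailable === true
      someUnfixable = someUnfixable || fixAvailable === false
      if (typeof fixAvailable === 'object') {
        someForceFixable = true
        forceFixSemVerMajor = forceFixSemVerMajor || fixAvailable.isSemVerMajor
      }
    }

    // Only these four severities are itemised in the headline.
    const shown = ['low', 'moderate', 'high', 'critical']
    const sevs = Object.entries(vulnerabilities).filter(([s, count]) => {
      return shown.includes(s) && count > 0
    })

    if (sevs.length > 1) {
      const severities = sevs.map(([s, count]) => {
        return `${count} ${c.severity(s)}`
      }).join(', ')
      output.push(`${c.red(vulnCount)} vulnerabilities (${severities})`)
    } else if (sevs.length === 1) {
      const [sev, count] = sevs[0]
      output.push(`${count} ${c.severity(sev)} severity vulnerabilit${count === 1 ? 'y' : 'ies'}`)
    } else {
      // total > 0 but none of the four itemised severities has a count
      // (presumably possible when every finding sits under another key in
      // the metadata). Destructuring sevs[0] would throw here and the audit
      // result would never be printed, so report the bare total instead.
      output.push(`${c.red(vulnCount)} vulnerabilit${vulnCount === 1 ? 'y' : 'ies'}`)
    }

    // XXX use a different footer line if some aren't fixable easily.
    // just 'run `npm audit` for details' maybe?

    if (someFixable) {
      output.push('', 'To address ' +
        (someForceFixable || someUnfixable ? 'issues that do not require attention'
          : 'all issues') + ', run:\n  npm audit fix')
    }

    if (someForceFixable) {
      output.push('', 'To address all issues' +
        (someUnfixable ? ' possible' : '') +
        (forceFixSemVerMajor ? ' (including breaking changes)' : '') +
        ', run:\n  npm audit fix --force')
    }

    if (someUnfixable) {
      output.push('',
        'Some issues need review, and may require choosing',
        'a different dependency.')
    }
  }

  const summary = output.join('\n')
  return {
    summary,
    report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
      : summary
  }
}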

// The exported function renders the full report text; its `summary`
// property renders the same text without the trailing `npm audit` pointer.
module.exports = Object.assign(
  (data, opt) => {
    const { report } = calculate(data, opt)
    return report
  },
  {
    summary: (data, opt) => {
      const { summary } = calculate(data, opt)
      return summary
    }
  }
)