src/audit.ts

import {spawnSync, SpawnSyncReturns} from 'child_process'
import stripAnsi from 'strip-ansi'

const SPAWN_PROCESS_BUFFER_SIZE = 10485760 // 10MiB

export class Audit {
  stdout = ''
  private status: number | null = null

  public run(auditLevel: string, productionFlag: string, jsonFlag: string): void {
    try {
      const auditOptions: Array<string> = ['audit', '--audit-level', auditLevel]

      if (productionFlag === 'true') {
        auditOptions.push('--production')
      }

      if (jsonFlag === 'true') {
        auditOptions.push('--json')
      }

      const result: SpawnSyncReturns<string> = spawnSync('npm', auditOptions, {
        encoding: 'utf-8',
        maxBuffer: SPAWN_PROCESS_BUFFER_SIZE
      })

      if (result.error) {
        throw result.error
      }
      if (result.status === null) {
        throw new Error('the subprocess terminated due to a signal.')
      }
      if (result.stderr && result.stderr.length > 0) {
        throw new Error(result.stderr)
      }

      this.status = result.status
      this.stdout = result.stdout
    } catch (error) {
      throw error
    }
  }

  public foundVulnerability(): boolean {
    // `npm audit` return 1 when it found vulnerabilities
    return this.status === 1
  }

  public strippedStdout(): string {
    return `\`\`\`\n${stripAnsi(this.stdout)}\n\`\`\``
  }
}
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`import {spawnSync, SpawnSyncReturns} from 'child_process'`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`import stripAnsi from 'strip-ansi'`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00
Catch errors thrown by Audit.run and increase child process buffer size (#67) * Audit.run does not need to be async * Set max buffer size for npm audit subprocess to 10MiB 2020-07-14 02:59:28 -07:00			`const SPAWN_PROCESS_BUFFER_SIZE = 10485760 // 10MiB`

Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`export class Audit {`
update eslint-plugin-github (#48) * update eslint-plugin-github * remove non-existent eslint rules * fix a lint error 2020-03-14 19:21:06 +09:00			`stdout = ''`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`private status: number \| null = null`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`public run(auditLevel: string, productionFlag: string, jsonFlag: string): void {`
Action should fail if child_process causes an error (#41) 2020-03-14 15:46:51 +09:00			`try {`
update README & npm run all 2020-11-12 10:45:24 +00:00			`const auditOptions: Array<string> = ['audit', '--audit-level', auditLevel]`

			`if (productionFlag === 'true') {`
			`auditOptions.push('--production')`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`}`

feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`if (jsonFlag === 'true') {`
			`auditOptions.push('--json')`
			`}`

update README & npm run all 2020-11-12 10:45:24 +00:00			`const result: SpawnSyncReturns<string> = spawnSync('npm', auditOptions, {`
			`encoding: 'utf-8',`
			`maxBuffer: SPAWN_PROCESS_BUFFER_SIZE`
			`})`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00
Action should fail if child_process causes an error (#41) 2020-03-14 15:46:51 +09:00			`if (result.error) {`
			`throw result.error`
			`}`
			`if (result.status === null) {`
			`throw new Error('the subprocess terminated due to a signal.')`
			`}`
			`if (result.stderr && result.stderr.length > 0) {`
			`throw new Error(result.stderr)`
			`}`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00
Action should fail if child_process causes an error (#41) 2020-03-14 15:46:51 +09:00			`this.status = result.status`
			`this.stdout = result.stdout`
			`} catch (error) {`
			`throw error`
			`}`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`}`

			`public foundVulnerability(): boolean {`
			// `npm audit` return 1 when it found vulnerabilities
			`return this.status === 1`
			`}`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
			`public strippedStdout(): string {`
			return `\`\`\`\n${stripAnsi(this.stdout)}\n\`\`\``
			`}`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`}`