const npmAuditReport = require('npm-audit-report')
const ArboristWorkspaceCmd = require('../arborist-cmd.js')
const auditError = require('../utils/audit-error.js')
const { log, output } = require('proc-log')
const reifyFinish = require('../utils/reify-finish.js')
const VerifySignatures = require('../utils/verify-signatures.js')

/**
 * `npm audit` command.
 *
 * Two modes are dispatched from `exec`:
 *  - advisory audit (default, optionally with `fix`), run through Arborist's
 *    `audit()`;
 *  - `signatures`, which hands the installed tree to `VerifySignatures`.
 */
class Audit extends ArboristWorkspaceCmd {
  static description = 'Run a security audit'
  static name = 'audit'
  static params = [
    'audit-level',
    'dry-run',
    'force',
    'json',
    'package-lock-only',
    'package-lock',
    'omit',
    'include',
    'foreground-scripts',
    'ignore-scripts',
    ...super.params,
  ]

  static usage = ['[fix|signatures]']

  /**
   * Shell completion for the subcommand position.
   *
   * @param {object} opts - completion context; only `opts.conf.argv.remain` is read.
   * @returns {Promise<string[]>} the two subcommands when exactly two words
   *   remain, or an empty list once a known subcommand has been typed.
   * @throws {Error} with `code: 'EUSAGE'` when the third word is not a known subcommand.
   */
  static async completion (opts) {
    const remaining = opts.conf.argv.remain
    if (remaining.length === 2) {
      return ['fix', 'signatures']
    }

    const subcommand = remaining[2]
    if (subcommand === 'fix' || subcommand === 'signatures') {
      return []
    }

    const usageErr = new Error(`${subcommand} not recognized`)
    usageErr.code = 'EUSAGE'
    throw usageErr
  }

  /**
   * Entry point: `signatures` selects signature verification, any other
   * first argument (including none) runs the advisory audit.
   *
   * @param {string[]} args - positional arguments after `audit`.
   */
  async exec (args) {
    if (args[0] === 'signatures') {
      await this.auditSignatures()
      return
    }
    await this.auditAdvisories(args)
  }

  /**
   * Run the advisory audit, optionally applying fixes.
   *
   * @param {string[]} args - positional arguments; `args[0] === 'fix'` enables fix mode.
   * @throws usage error when `fix` is requested while `package-lock` is
   *   explicitly `false`.
   */
  async auditAdvisories (args) {
    const fix = args[0] === 'fix'
    const lockfileDisabled = this.npm.config.get('package-lock') === false
    if (lockfileDisabled && fix) {
      throw this.usageError('fix can not be used without a package-lock')
    }

    let reporter = 'detail'
    if (this.npm.config.get('json')) {
      reporter = 'json'
    }

    // Loaded here rather than at module top, as in the rest of this class.
    const Arborist = require('@npmcli/arborist')
    const arboristOptions = {
      ...this.npm.flatOptions,
      audit: true,
      path: this.npm.prefix,
      reporter,
      workspaces: this.workspaceNames,
    }
    const arborist = new Arborist(arboristOptions)
    await arborist.audit({ fix })

    if (fix) {
      // Fix mode ends through reifyFinish and prints no audit report here.
      await reifyFinish(this.npm, arborist)
      return
    }

    // Report mode: auditError is expected to throw when the audit itself
    // errored, so a failed audit is not rendered as a clean report.
    auditError(this.npm, arborist.auditReport)
    const rendered = npmAuditReport(arborist.auditReport, {
      ...arboristOptions,
      chalk: this.npm.chalk,
    })
    // An exit code that is already set and truthy wins; otherwise take the
    // report's. NOTE(review): presumably non-zero when findings reach the
    // configured audit-level; confirm in npm-audit-report.
    const priorExitCode = process.exitCode
    process.exitCode = priorExitCode || rendered.exitCode
    output.standard(rendered.report)
  }

  /**
   * Verify signatures for the installed dependency tree.
   *
   * @throws {Error} with `code: 'EAUDITGLOBAL'` when npm runs in global mode.
   */
  async auditSignatures () {
    if (this.npm.global) {
      const globalErr = new Error('`npm audit signatures` does not support global packages')
      globalErr.code = 'EAUDITGLOBAL'
      throw globalErr
    }

    log.verbose('audit', 'loading installed dependencies')
    const Arborist = require('@npmcli/arborist')
    const arboristOptions = {
      ...this.npm.flatOptions,
      path: this.npm.prefix,
      workspaces: this.workspaceNames,
    }
    const arborist = new Arborist(arboristOptions)
    const tree = await arborist.loadActual()

    // NOTE(review): filterSet presumably scopes which nodes VerifySignatures
    // checks; an empty set is passed when no workspace filtering applies.
    let filterSet
    if (arboristOptions.workspaces?.length) {
      filterSet = arborist.workspaceDependencySet(
        tree,
        arboristOptions.workspaces,
        this.npm.flatOptions.includeWorkspaceRoot
      )
    } else if (!this.npm.flatOptions.workspacesEnabled) {
      filterSet = arborist.excludeWorkspacesDependencySet(tree)
    } else {
      filterSet = new Set()
    }

    const verifier = new VerifySignatures(tree, filterSet, this.npm, { ...arboristOptions })
    await verifier.run()
  }
}

module.exports = Audit