From ea142a4dd65c45694f663885d509aae147430f97 Mon Sep 17 00:00:00 2001
From: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Date: Thu, 6 Jun 2019 13:26:27 -0230
Subject: [PATCH] ci: Enable npm audit check

---
 .circleci/config.yml                 | 26 +++++++++++++-------------
 .circleci/scripts/npm-audit          | 12 ++++++++++++
 .circleci/scripts/npm-audit-check.js | 24 ++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 13 deletions(-)
 create mode 100755 .circleci/scripts/npm-audit
 create mode 100644 .circleci/scripts/npm-audit-check.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 686a996c1..f4dd245f2 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -17,9 +17,9 @@ workflows:
       - test-lint:
           requires:
             - prep-deps-npm
-      # - test-deps:
-      #     requires:
-      #       - prep-deps-npm
+      - test-deps:
+          requires:
+            - prep-deps-npm
       - test-e2e-chrome:
           requires:
             - prep-deps-npm
@@ -156,16 +156,16 @@ jobs:
           name: Test
           command: npm run lint
 
-  # test-deps:
-  #   docker:
-  #     - image: circleci/node:8.11.3-browsers
-  #   steps:
-  #     - checkout
-  #     - attach_workspace:
-  #         at: .
-  #     - run:
-  #         name: Test
-  #         command: sudo npm install -g npm@6 && npm audit
+  test-deps:
+    docker:
+      - image: circleci/node:8.15.1-browsers
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - run:
+          name: npm audit
+          command: .circleci/scripts/npm-audit
 
   # test-e2e-beta-drizzle:
   #   docker:
diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit
new file mode 100755
index 000000000..00a6876ff
--- /dev/null
+++ b/.circleci/scripts/npm-audit
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if ! npm audit
+then
+    ! npm audit --json > audit.json
+    printf '%s\n' ''
+    node .circleci/scripts/npm-audit-check.js
+fi
diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js
new file mode 100644
index 000000000..2fb408add
--- /dev/null
+++ b/.circleci/scripts/npm-audit-check.js
@@ -0,0 +1,24 @@
+const path = require('path')
+const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
+const error = audit.error
+const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
+
+if (error) {
+  process.exit(1)
+}
+
+let count = 0
+for (const advisory of advisories) {
+  if (advisory.severity === 'low') {
+    continue
+  }
+
+  count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
+}
+
+if (count > 0) {
+  console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
+  process.exit(1)
+} else {
+  console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
+}