m
/
metamask-extension
mirror of https://github.com/kremalicious/metamask-extension.git
1
0
Fork 0
Code
metamask-extension/.yarn/patches/improved-yarn-audit-npm-3.0...

70 lines
2.5 KiB
Diff
Raw Blame History

# Improved yarn audit is patched to work with yarn version 2+. The primary need
# is to retool the script to first use yarn's new audit command and parameters
# as well as to change the process for how it reads the result due to an update
# in returned shape of audit command's data.
diff --git a/bin/improved-yarn-audit b/bin/improved-yarn-audit
index 52df548151aa28289565e3335b2cd7a92fa38325..7e058df6a4a159596df72c9475a36b747580cd98 100755
--- a/bin/improved-yarn-audit
+++ b/bin/improved-yarn-audit
@@ -15,6 +15,7 @@ const { tmpdir } = require("os")
const path = require("path")
const { env, exit, platform } = require("process")
const { createInterface } = require("readline")
+const { Stream } = require("stream")
const GITHUB_ADVISORY_CODE = "GHSA"
@@ -250,7 +251,15 @@ async function iterateOverAuditResults(action) {
const auditResultsFileStream = getAuditResultsFileStream("r")
const iterator = createInterface(auditResultsFileStream)
- iterator.on("line", action)
+ iterator.on("line", async (result) => {
+ const parsed = parseAuditJson(result);
+ const advisories = Stream.Readable.from(
+ Object.values(parsed.advisories).map(advisory => JSON.stringify(advisory))
+ );
+ for await (const data of advisories) {
+ action(data);
+ }
+ });
await new Promise((resolve) => iterator.on("close", resolve))
@@ -305,10 +314,10 @@ async function streamYarnAuditOutput(auditParams, auditResultsFileStream) {
}
async function invokeYarnAudit() {
- const auditParams = ["audit", "--json", `--level=${minSeverityName}`]
+ const auditParams = ["npm", "audit", "--recursive", "--json", `--severity=${minSeverityName}`]
if (ignoreDevDependencies) {
- auditParams.push("--groups=dependencies")
+ auditParams.push("--environment=production")
}
cleanupAuditResultsFile()
@@ -420,17 +429,17 @@ async function runAuditReport() {
let devDependencyAdvisories = []
let devDependencyAdvisoryIds = []
- await iterateOverAuditResults((resultJson) => {
- const potentialResult = parseAuditJson(resultJson)
+ await iterateOverAuditResults((resultJsonString) => {
+ const potentialResult = parseAuditJson(resultJsonString);
if (
- typeof potentialResult.type !== "string" ||
- potentialResult.type !== "auditAdvisory"
+ typeof potentialResult.github_advisory_id !== "string"
) {
return
}
- const result = potentialResult.data.advisory
+
+ const result = potentialResult;
allAdvisories.push(result)
View Git Blame Copy Permalink