From 9058b5c7fef3d0fc6a3ba5d695a24c50d3047bbe Mon Sep 17 00:00:00 2001
From: BradyMitch
Date: Wed, 10 Jul 2024 10:40:06 -0700
Subject: [PATCH] Test
---
 .../find-indirect-vulnerable-deps.cjs | 5 ----
 .../npm-audit/parse-npm-vulnerabilities.cjs | 28 ++++++++++++-------
 .github/helpers/npm-audit/run-npm-audit.cjs | 4 ---
 3 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/.github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs b/.github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs
index 3ea277a2e..a1f0efed3 100644
--- a/.github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs
+++ b/.github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs
@@ -1,6 +1,5 @@
 const fs = require("fs");
 const path = require("path");
-const { execSync } = require("child_process");
 // Runs runNpmAudit and adds parent dependencies if they can be found in the package-lock.json
 const findIndirectVulnerableDependencies = async (
@@ -10,10 +9,6 @@ const findIndirectVulnerableDependencies = async (
 try {
 const { vulnerabilities } = auditResult;
- execSync("npm i", {
- cwd: path.resolve(__dirname, `../../../${directoryPath}`),
- });
-
 if (vulnerabilities.length === 0) {
 // No vulnerabilities found
 return { ...auditResult, parentDependencies: {} };
diff --git a/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs b/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs
index 9c410d6c4..9fd292970 100644
--- a/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs
+++ b/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs
@@ -1,11 +1,12 @@
-const enhanceVulnerabilityList = require('./enhance-vulnerability-list.cjs');
-const findIndirectVulnerableDependencies = require('./find-indirect-vulnerable-deps.cjs');
-const runNpmAudit = require('./run-npm-audit.cjs');
+const enhanceVulnerabilityList = require("./enhance-vulnerability-list.cjs");
+const findIndirectVulnerableDependencies = require("./find-indirect-vulnerable-deps.cjs");
+const runNpmAudit = require("./run-npm-audit.cjs");
+const { execSync } = require("child_process");
 // Requires semver dependency to run.
 const LOCAL_TEST = false;
-const TEST_DIR_PATHS = ['.'];
+const TEST_DIR_PATHS = ["."];
 /**
 * THIS FILE DOES NOT REQUIRE ANY EDITING.
@@ -19,7 +20,9 @@ const TEST_DIR_PATHS = ['.'];
 */
 // Get directory paths from env.
-const directoryPaths = LOCAL_TEST ? TEST_DIR_PATHS : JSON.parse(process.env.directoryPaths);
+const directoryPaths = LOCAL_TEST
+ ? TEST_DIR_PATHS
+ : JSON.parse(process.env.directoryPaths);
 // Save results to json.
 let results = {};
@@ -27,17 +30,22 @@ let results = {};
 (async () => {
 // Create an array of promises for each dirPath.
 const promises = directoryPaths.map(async (dirPath) => {
+ execSync("npm i", {
+ cwd: path.resolve(__dirname, `../../../${dirPath}`),
+ });
+
 try {
 const auditResult = await runNpmAudit(dirPath);
- const auditResultWithParentDeps = await findIndirectVulnerableDependencies(
- auditResult,
- dirPath,
+ const auditResultWithParentDeps =
+ await findIndirectVulnerableDependencies(auditResult, dirPath);
+ const summary = await enhanceVulnerabilityList(
+ auditResultWithParentDeps,
+ dirPath
 );
- const summary = await enhanceVulnerabilityList(auditResultWithParentDeps, dirPath);
 results[dirPath] = summary;
 } catch (error) {
- console.error('Error enhancing vulnerabilities:', error);
+ console.error("Error enhancing vulnerabilities:", error);
 }
 });
diff --git a/.github/helpers/npm-audit/run-npm-audit.cjs b/.github/helpers/npm-audit/run-npm-audit.cjs
index 791c47067..3551a9963 100644
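Review bot: In parse-npm-vulnerabilities.cjs the require block at the top gains `execSync` but no `path` binding, while the `execSync("npm i", …)` call added in the third hunk uses `path.resolve(__dirname, …)`. The hunks show the file from its first line, and no `path` require appears before the call, so the first `map` callback would throw a ReferenceError before any audit runs. Add `const path = require("path");` next to the new `child_process` require.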
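Review bot: In the third hunk of parse-npm-vulnerabilities.cjs the new `execSync("npm i", {` call sits above the `try`, so a failed install rejects that callback's promise instead of being logged per directory like the other errors; how `promises` is awaited is outside the hunk. Moving the call inside the `try` keeps one bad directory from aborting the whole run. Since this helper exists to audit dependencies, a plain `npm i` also runs their lifecycle scripts and may rewrite the lockfile before it is audited. If each directory has a lockfile, `execSync("npm ci --ignore-scripts", {` gives a reproducible, script-free install. `dirPath` comes from `process.env.directoryPaths` and is joined into `cwd` unchecked, so it is worth confirming the resolved path stays inside the repository.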
--- a/.github/helpers/npm-audit/run-npm-audit.cjs
+++ b/.github/helpers/npm-audit/run-npm-audit.cjs
@@ -1,4 +1,3 @@
-const { execSync } = require("child_process");
 const path = require("path");
 const parseDetails = (auditData) => {
@@ -53,9 +52,6 @@ const parseDetails = (auditData) => {
 // Runs 'npm audit --json' command and returns a modified output.
 const runNpmAudit = async (directoryPath) => {
 try {
- execSync("npm i", {
- cwd: path.resolve(__dirname, `../../../${directoryPath}`),
- });
 const stdout = execSync("npm audit --json", {
 encoding: "utf-8",
 stdio: ["pipe", "pipe", "ignore"],
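Review bot: Removing `const { execSync } = require("child_process");` in the first hunk of run-npm-audit.cjs leaves `runNpmAudit` with no binding for `execSync`, yet the second hunk's context still calls `execSync("npm audit --json", {`. That call would throw a ReferenceError inside the `try`, so every directory would take the catch path (not visible here). Depending on what that handler returns, the job could report no vulnerabilities rather than fail loudly. Keep the require line; only the `npm i` call needed to move. The body of `runNpmAudit` continues past the end of the hunk.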