feat: support root shell project

sandworm-hq · Feb 27, 2023 · bb484df · bb484df
1 parent a85d54b
commit bb484df
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 12 deletions.
diff --git a/src/cli/command.js b/src/cli/command.js
@@ -73,6 +73,13 @@ module.exports = (handler) =>
             default: true,
             describe: 'Print a summary of the audit results to the console',
             type: 'boolean',
+          })
+          .option('rs', {
+            alias: 'root-is-shell',
+            demandOption: false,
+            default: false,
+            describe: 'Root project is a shell with a single dependency',
+            type: 'boolean',
           });
       },
       handler,

diff --git a/src/cli/index.js b/src/cli/index.js
@@ -37,6 +37,7 @@ command(async (argv) => {
     appPath,
     includeDev: fileConfig.includeDev || argv.d,
     showVersions: fileConfig.showVersions || argv.v,
+    rootIsShell: fileConfig.rootIsShell || argv.rs,
     maxDepth: fileConfig.maxDepth || argv.md,
     licensePolicy: fileConfig.licensePolicy || (argv.lp && JSON.parse(argv.lp)),
     minDisplayedSeverity: fileConfig.minDisplayedSeverity,

diff --git a/src/graph/index.js b/src/graph/index.js
@@ -4,7 +4,10 @@ const generatePnpmGraph = require('./generatePnpmGraph');
 const generateYarnGraph = require('./generateYarnGraph');
 const {postProcessGraph, addDependencyGraphData, getRegistryDataMultiple} = require('./utils');
 
-const generateGraphPromise = async (appPath, {packageData, loadDataFrom = false} = {}) => {
+const generateGraphPromise = async (
+  appPath,
+  {packageData, loadDataFrom = false, rootIsShell = false} = {},
+) => {
   const lockfile = await loadLockfile(appPath);
   const manifest = loadManifest(appPath);
   let graph;
@@ -30,12 +33,22 @@ const generateGraphPromise = async (appPath, {packageData, loadDataFrom = false}
   }
 
   const {root, allPackages} = graph;
-  const processedRoot = postProcessGraph({root});
-  const allConnectedPackages = allPackages.filter(
+  let processedRoot = postProcessGraph({root});
+  let allConnectedPackages = allPackages.filter(
     ({name, version, parents}) =>
       (name === manifest.name && version === manifest.version) ||
       Object.values(parents).reduce((agg, deps) => agg + Object.keys(deps).length, 0),
   );
+
+  if (rootIsShell) {
+    const shellName = processedRoot.name;
+    const shellVersion = processedRoot.version;
+    [processedRoot] = Object.values(processedRoot.dependencies);
+    allConnectedPackages = allConnectedPackages.filter(
+      ({name, version}) => name !== shellName && version !== shellVersion,
+    );
+  }
+
   const devDependencies = allConnectedPackages.filter(({flags}) => flags.dev);
   const prodDependencies = allConnectedPackages.filter(({flags}) => flags.prod);
 
@@ -52,7 +65,7 @@ const generateGraphPromise = async (appPath, {packageData, loadDataFrom = false}
   }
 
   if (additionalPackageData) {
-    addDependencyGraphData({root, packageData: additionalPackageData});
+    addDependencyGraphData({root: processedRoot, packageData: additionalPackageData});
   }
 
   return {
@@ -74,12 +87,16 @@ const generateGraphAsync = (appPath, options, done = () => {}) => {
   })();
 };
 
-const generateGraph = (appPath, {packageData, loadDataFrom = false} = {}, done = undefined) => {
+const generateGraph = (
+  appPath,
+  {packageData, loadDataFrom = false, rootIsShell = false} = {},
+  done = undefined,
+) => {
   if (typeof done === 'function') {
-    return generateGraphAsync(appPath, {packageData, loadDataFrom}, done);
+    return generateGraphAsync(appPath, {packageData, loadDataFrom, rootIsShell}, done);
   }
 
-  return generateGraphPromise(appPath, {packageData, loadDataFrom});
+  return generateGraphPromise(appPath, {packageData, loadDataFrom, rootIsShell});
 };
 
 module.exports = generateGraph;
diff --git a/src/index.js b/src/index.js
@@ -13,6 +13,8 @@ const getReport = async ({
   dependencyGraph,
   includeDev = false,
   showVersions = false,
+  rootIsShell = false,
+  getAdvisoriesForRoot = true,
   minDisplayedSeverity = 'high',
   width = 1500,
   maxDepth = 7,
@@ -35,7 +37,8 @@ const getReport = async ({
 
   // Generate the dependency graph
   onProgress({type: 'start', stage: 'graph'});
-  const dGraph = dependencyGraph || (await getDependencyGraph(appPath, {loadDataFrom}));
+  const dGraph =
+    dependencyGraph || (await getDependencyGraph(appPath, {loadDataFrom, rootIsShell}));
   const packageGraph = dGraph.root;
   errors = [...errors, ...(dGraph.errors || [])];
   onProgress({type: 'end', stage: 'graph'});
@@ -65,10 +68,12 @@ const getReport = async ({
     errors.push(error);
   }
 
-  try {
-    rootVulnerabilities = await getReports(packageGraph.name, packageGraph.version, packageGraph);
-  } catch (error) {
-    errors.push(error);
+  if (!rootIsShell && getAdvisoriesForRoot) {
+    try {
+      rootVulnerabilities = await getReports(packageGraph.name, packageGraph.version, packageGraph);
+    } catch (error) {
+      errors.push(error);
+    }
   }
   onProgress({type: 'end', stage: 'vulnerabilities'});