From 06afa83a64176a0bbf2b49ad72962e8993aa2185 Mon Sep 17 00:00:00 2001
From: Ashok
Date: Tue, 30 Oct 2018 15:25:29 +0530
Subject: [PATCH 1/5] Adding detailed information of finding by listing out the modules
---
templates/template.hbs | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/templates/template.hbs b/templates/template.hbs
index d39ff97..bbd0ee6 100644
--- a/templates/template.hbs
+++ b/templates/template.hbs
@@ -65,6 +65,15 @@

Overview

{{{markdown overview}}}

+

Findings

+ {{#each findings}} + + {{/each}} + {{#if recommendation}}

Remediation

{{{markdown recommendation}}}
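Review bot: The rows emitted inside the new `{{#each findings}}` loop carry values from the audit JSON, and they should use the escaping double-stash form (for example `{{version}}`, assuming that is one of the fields printed) rather than the triple-stash used by the neighbouring `{{{markdown overview}}}` and `{{{markdown recommendation}}}` sections. The markup inside the loop is not visible in this view, so this could not be confirmed. Triple-stash output is inserted as raw HTML, which matters here because package names and dependency paths in a finding are chosen by whoever published the package, and the report is normally opened in a browser. A short comment above the loop, such as `{{!-- finding fields are escaped; do not switch to triple-stash --}}`, would record the intent.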

From d632ed9eae6a36056c49888b64d1772991bd8a50 Mon Sep 17 00:00:00 2001 From: Noah Prail Date: Wed, 31 Oct 2018 17:06:29 -0400 Subject: [PATCH 2/5] fix(reporter): Handle vulnerabilities being undefined fix #3 --- lib/reporter.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/reporter.js b/lib/reporter.js index 1670fdc..a9b0986 100644 --- a/lib/reporter.js +++ b/lib/reporter.js @@ -31,7 +31,7 @@ const writeReport = async (report, output) => { } const modifyData = async data => { - const vulnerabilities = data.metadata.vulnerabilities + const vulnerabilities = data.metadata.vulnerabilities || [] // for (const act in data.actions) { // const action = data.actions[act] From 492795861d9fbd5bec9ccb56a9ef57b8da82185f Mon Sep 17 00:00:00 2001 From: Noah Prail Date: Fri, 14 Dec 2018 18:22:02 -0500 Subject: [PATCH 3/5] fix(reporter): Create missing directories in output path fix #6 --- lib/reporter.js | 2 ++ package-lock.json | 44 ++++++++++++++++++++++++++++++-------------- package.json | 1 + 3 files changed, 33 insertions(+), 14 deletions(-) diff --git a/lib/reporter.js b/lib/reporter.js index 1670fdc..c23c934 100644 --- a/lib/reporter.js +++ b/lib/reporter.js @@ -1,6 +1,7 @@ const Handlebars = require('handlebars') const moment = require('moment') const marked = require('marked') +const fse = require('fs-extra') const fs = require('fs') const { promisify } = require('util') @@ -24,6 +25,7 @@ const generateTemplate = async (data, template) => { const writeReport = async (report, output) => { try { const writeFile = promisify(fs.writeFile) + await fse.ensureFile(output) await writeFile(output, report) } catch (err) { throw err diff --git a/package-lock.json b/package-lock.json index d67d424..4b90fbb 100644 --- a/package-lock.json +++ b/package-lock.json 
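Review bot: The `|| []` fallback on the first line of `modifyData` only helps when `data.metadata` exists; if `metadata` itself is missing, the property access on the same line throws a TypeError before the fallback is evaluated. Patch 5/5 of this series adds a `data.metadata` check in the exported function, but `modifyData` stays unguarded for any other caller; `const vulnerabilities = (data.metadata && data.metadata.vulnerabilities) || {}` would make it self-contained. The `{}` is deliberate: npm's audit JSON appears to report `metadata.vulnerabilities` as an object of per-severity counts rather than an array, though how the value is consumed lies outside the hunk. `modifyData`'s body continues past the hunk.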
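Review bot: In `writeReport`, `fse.ensureFile(output)` followed by the promisified `fs.writeFile` can be collapsed into a single `await fse.outputFile(output, report)`, which creates missing parent directories and writes the content in one call. That removes the per-call `promisify(fs.writeFile)` and the window in which an empty report file is left on disk if the write fails. The surrounding `try { … } catch (err) { throw err }` adds nothing and could be dropped at the same time. Since `output` comes from the caller, a one-line comment such as `// creates any missing directories in the caller-supplied output path` would tell readers that the function now creates directories wherever that path points.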
@@ -1883,6 +1883,17 @@ "object-assign": "^4.1.0" } }, + "fs-extra": { + "version": "1.0.0", + "resolved": "http://registry.npmjs.org/fs-extra/-/fs-extra-1.0.0.tgz", + "integrity": "sha1-zTzl9+fLYUWIP8rjGR6Yd/hYeVA=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.2", + "jsonfile": "^2.1.0", + "klaw": "^1.0.0" + } + }, "glob": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz", @@ -1928,6 +1939,15 @@ "number-is-nan": "^1.0.0" } }, + "jsonfile": { + "version": "2.4.0", + "resolved": "http://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", + "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6" + } + }, "lodash": { "version": "4.17.5", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz", @@ -3374,14 +3394,13 @@ "dev": true }, "fs-extra": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-1.0.0.tgz", - "integrity": "sha1-zTzl9+fLYUWIP8rjGR6Yd/hYeVA=", - "dev": true, + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz", + "integrity": "sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==", "requires": { "graceful-fs": "^4.1.2", - "jsonfile": "^2.1.0", - "klaw": "^1.0.0" + "jsonfile": "^4.0.0", + "universalify": "^0.1.0" } }, "fs.realpath": { @@ -3603,8 +3622,7 @@ "graceful-fs": { "version": "4.1.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz", - "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=", - "dev": true + "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=" }, "growl": { "version": "1.10.3", 
@@ -4389,10 +4407,9 @@ "dev": true }, "jsonfile": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", - "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", - "dev": true, + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=", "requires": { "graceful-fs": "^4.1.6" } @@ -7828,8 +7845,7 @@ "universalify": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.1.tgz", - "integrity": "sha1-+nG63UQ3r0wUiEHjs7Fl+enlkLc=", - "dev": true + "integrity": "sha1-+nG63UQ3r0wUiEHjs7Fl+enlkLc=" }, "unset-value": { "version": "1.0.0", diff --git a/package.json b/package.json index f3d9f21..b31ca03 100644 --- a/package.json +++ b/package.json @@ -39,6 +39,7 @@ }, "dependencies": { "commander": "^2.15.1", + "fs-extra": "^7.0.1", "handlebars": "^4.0.11", "marked": "^0.4.0", "moment": "^2.22.2" From b382e7d78c95822dda9b3ae4ecf56c11f6b36f99 Mon Sep 17 00:00:00 2001 From: Noah Prail Date: Fri, 14 Dec 2018 18:32:23 -0500 Subject: [PATCH 4/5] fix(deps): Update vulnerable dependency --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4b90fbb..f50ed06 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5378,9 +5378,9 @@ } }, "merge": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/merge/-/merge-1.2.0.tgz", - "integrity": "sha1-dTHjnUlJwoGma4xabgJl6LBYlNo=", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/merge/-/merge-1.2.1.tgz", + "integrity": "sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ==", "dev": true }, "merge2": { From cf47e255f6a5b223c787bfefbd5aa9d6d945c1da Mon Sep 17 00:00:00 2001 
From: Noah Prail Date: Fri, 14 Dec 2018 20:07:23 -0500 Subject: [PATCH 5/5] fix(reporter): Handle incorrect being piped to the cli --- lib/reporter.js | 26 ++++++++++++++++++++ package-lock.json | 62 +++++++++++++++++++++++++++++++++++------------ package.json | 4 ++- 3 files changed, 76 insertions(+), 16 deletions(-) diff --git a/lib/reporter.js b/lib/reporter.js index 9282a24..9b0900e 100644 --- a/lib/reporter.js +++ b/lib/reporter.js @@ -1,7 +1,9 @@ +const terminalLink = require('terminal-link') const Handlebars = require('handlebars') const moment = require('moment') const marked = require('marked') const fse = require('fs-extra') +const chalk = require('chalk') const fs = require('fs') const { promisify } = require('util') @@ -54,6 +56,30 @@ const modifyData = async data => { module.exports = async (data, templateFile, outputFile) => { try { + if (!data.metadata) { + if (data.updated) { + console.log( + chalk.red( + `Sorry! You can't use ${chalk.underline( + 'npm audit fix' + )} with npm-audit-html.\n\nSee ${terminalLink( + 'issue #3', + 'https://github.com/Filiosoft/npm-audit-html/issues/3' + )}` + ) + ) + } else { + console.log( + chalk.red( + `The provided data doesn't seem to be correct. Did you run with ${chalk.underline( + 'npm audit --json' + )}?` + ) + ) + } + process.exit(1) + } + const modifiedData = await modifyData(data) const report = await generateTemplate(modifiedData, templateFile) await writeReport(report, outputFile) diff --git a/package-lock.json b/package-lock.json index f50ed06..28ad9ae 100644 --- a/package-lock.json +++ b/package-lock.json 
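Review bot: The new guard at the top of the exported function reads `data.metadata` without first checking `data`, so input that parses to `null` still fails with a TypeError instead of the friendly message; `if (!data || !data.metadata) {` with `if (data && data.updated) {` inside covers that case. Both messages go through `console.log`, which writes to stdout; when the CLI sits in a pipeline the error text ends up in the data stream, and `console.error` is the usual channel. `process.exit(1)` inside the exported function also bypasses the function's own `try`/`catch`, whose remainder is outside the hunk. Throwing an `Error` and letting the CLI entry point set the exit code would keep the module usable as a library.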
@@ -389,8 +389,7 @@ "ansi-escapes": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.1.0.tgz", - "integrity": "sha512-UgAb8H9D41AQnu/PbWlCofQVcnV4Gs2bBJi9eZPxfU/hgglFh3SMDMENRIqdr7H6XFnXdoknctFByVsCOotTVw==", - "dev": true + "integrity": "sha512-UgAb8H9D41AQnu/PbWlCofQVcnV4Gs2bBJi9eZPxfU/hgglFh3SMDMENRIqdr7H6XFnXdoknctFByVsCOotTVw==" }, "ansi-regex": { "version": "2.1.1", @@ -1551,7 +1550,6 @@ "version": "2.4.1", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz", "integrity": "sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ==", - "dev": true, "requires": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -1562,16 +1560,14 @@ "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, "requires": { "color-convert": "^1.9.0" } }, "supports-color": { - "version": "5.4.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz", - "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==", - "dev": true, + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", "requires": { "has-flag": "^3.0.0" } @@ -1774,7 +1770,6 @@ "version": "1.9.2", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.2.tgz", "integrity": "sha512-3NUJZdhMhcdPn8vJ9v2UQJoH0qqoGUkYTgFEPZaPjEtwmmKUfNV46zZmgB2M5M4DCEQHMaCfWHCxiBflLm04Tg==", - "dev": true, "requires": { "color-name": "1.1.1" } 
@@ -1782,8 +1777,7 @@ "color-name": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.1.tgz", - "integrity": "sha1-SxQVMEz1ACjqgWQ2Q72C6gWANok=", - "dev": true + "integrity": "sha1-SxQVMEz1ACjqgWQ2Q72C6gWANok=" }, "colors": { "version": "1.0.3", @@ -2564,8 +2558,7 @@ "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", - "dev": true + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" }, "eslint": { "version": "4.19.1", @@ -3685,8 +3678,7 @@ "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "dev": true + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" }, "has-symbol-support-x": { "version": "1.4.2", 
@@ -7485,6 +7477,37 @@ "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=", "dev": true }, + "supports-hyperlinks": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-1.0.1.tgz", + "integrity": "sha512-HHi5kVSefKaJkGYXbDuKbUGRVxqnWGn3J2e39CYcNJEfWciGq2zYtOhXLTlvrOZW1QU7VX67w7fMmWafHX9Pfw==", + "requires": { + "has-flag": "^2.0.0", + "supports-color": "^5.0.0" + }, + "dependencies": { + "has-flag": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-2.0.0.tgz", + "integrity": "sha1-6CB68cx7MNRGzHC3NLXovhj4jVE=" + }, + "supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "requires": { + "has-flag": "^3.0.0" + }, + "dependencies": { + "has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" + } + } + } + } + }, "symbol-observable": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", @@ -7531,6 +7554,15 @@ } } }, + "terminal-link": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-1.1.0.tgz", + "integrity": "sha512-sOZb3eUbMEcBeuA+TePxEiyueKHNoFOdU8gJtw6vXBKQEgj2ZeyQfWT0aXqjSDI1a/xEZfjzTZMApcSgV70KGg==", + "requires": { + "ansi-escapes": "^3.1.0", + "supports-hyperlinks": "^1.0.1" + } + }, "text-extensions": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/text-extensions/-/text-extensions-1.7.0.tgz", diff --git a/package.json b/package.json index b31ca03..04ddbb6 100644 --- a/package.json +++ b/package.json 
@@ -38,11 +38,13 @@ "travis-deploy-once": "^5.0.0" }, "dependencies": { + "chalk": "^2.4.1", "commander": "^2.15.1", "fs-extra": "^7.0.1", "handlebars": "^4.0.11", "marked": "^0.4.0", - "moment": "^2.22.2" + "moment": "^2.22.2", + "terminal-link": "^1.1.0" }, "config": { "commitizen": {