@anren-utils/mcp-audit 1.0.0

package/src/parseProject/detectPackageManager.ts

@@ -0,0 +1,24 @@
+import fs from "fs";
+import path from "path";
+import type { PackageManager } from "../types.js";
+
+/**
+ * 检测当前项目使用的包管理器
+ * @param projectRoot - 项目根目录
+ * @returns 'npm' | 'pnpm' | 'yarn'，默认返回 'npm'
+ */
+export function detectPackageManager(projectRoot: string): PackageManager {
+  // 检查锁文件
+  if (fs.existsSync(path.join(projectRoot, "pnpm-lock.yaml"))) {
+    return "pnpm";
+  }
+  if (fs.existsSync(path.join(projectRoot, "package-lock.json"))) {
+    return "npm";
+  }
+  if (fs.existsSync(path.join(projectRoot, "yarn.lock"))) {
+    return "yarn";
+  }
+
+  // 默认返回 npm 作为兜底
+  return "npm";
+}

package/src/parseProject/index.ts

@@ -0,0 +1,20 @@
+import { parseLocalProject } from "./parseLocalProject.js";
+import { parseRemoteProject } from "./parseRemoteProject.js";
+
+/**
+ * 解析工程根目录下的package.json文件，得到文件内容
+ * @param {string} projectRoot 工程本地的根目录或远程仓库的URL
+ * @example
+ * parseProject('/path/to/local/project');
+ * parseProject('https://github.com/webpack/webpack');
+ * @returns {Promise<Object>} 返回解析后的package.json内容
+ * @throws {Error} 如果解析失败或文件不存在
+ */
+export function parseProject(projectRoot: string) {
+  // 分辨是本地工程还是远程仓库
+  if (projectRoot.startsWith("http://") || projectRoot.startsWith("https://")) {
+    // 远程项目
+    return parseRemoteProject(projectRoot);
+  }
+  return parseLocalProject(projectRoot);
+}

package/src/parseProject/parseLocalProject.ts

@@ -0,0 +1,39 @@
+import path from "path";
+import fs from "fs";
+import type { PackageJsonInfo } from "../types.js";
+
+/**
+ * @Desc: 解析本地工程根目录下的package.json文件
+ * @param {string} projectRoot 本地工程的根目录
+ * @return {Promise<Object>} 返回解析后的package.json内容
+ */
+export async function parseLocalProject(projectRoot: string) {
+  const packageJsonPath = path.join(projectRoot, "package.json");
+  const json = await fs.promises.readFile(packageJsonPath, "utf8");
+  return JSON.parse(json) as PackageJsonInfo;
+}
+
+/**
+ * @Desc: 解析本地monorepo工程根目录下的package.json文件
+ * @param {string} projectRoot 本地工程的根目录
+ * @param {string[]} workspaceNames 工作空间名称列表，每个元素为一个子包的名称
+ * @return {Promise<Object[]>} 返回解析后的package.json内容列表
+ */
+export async function parseMonorepoProject(
+  projectRoot: string,
+  workspaceNames: string[],
+) {
+  // 获取workspaceNames对应的package.json文件内容
+  const packageJsonList = await Promise.all(
+    workspaceNames.map(async (workspaceName) => {
+      const packageJsonPath = path.join(
+        projectRoot,
+        workspaceName,
+        "package.json",
+      );
+      const json = await fs.promises.readFile(packageJsonPath, "utf8");
+      return { [workspaceName]: JSON.parse(json) as Object };
+    }),
+  );
+  return packageJsonList;
+}

package/src/parseProject/parseRemoteProject.ts

@@ -0,0 +1,225 @@
+import type { PackageJsonInfo } from "../types.js";
+
+export interface RemoteProjectUrlInfo {
+  owner: string;
+  repo: string;
+  path: string;
+  platform: string;
+  originalUrl: string;
+}
+
+interface GitProjectInfo {
+  default_branch: string;
+}
+
+export interface PackageJsonUrlInfo {
+  branchName: string;
+  packageJsonUrl: string;
+}
+
+/**
+ * 解析 Git 仓库 URL，提取 owner、repo、platform 和后续路径
+ * 支持格式：
+ *   - https://github.com/owner/repo
+ *   - https://github.com/owner/repo/tree/branch
+ *   - https://github.com/owner/repo/blame
+ *   - https://gitee.com/he_kai1/creat-exam-ts
+ *   - https://gitee.com/he_kai1/creat-exam-ts/tree/dev/
+ *   - https://gitlab.com/owner/repo
+ *   - https://gitlab.com/owner/repo/-/tree/branch
+ *   - ...
+ * @param {string} url - Git 仓库 URL
+ * @returns {Object} { owner, repo, path, platform, originalUrl }
+ * @throws {Error} 如果 URL 格式不合法或无法解析
+ */
+export function parseGitUrl(url: string) {
+  try {
+    const parsedUrl = new URL(url);
+    const hostname = parsedUrl.hostname;
+
+    // 确定平台
+    let platform: string;
+    if (hostname === "github.com" || hostname.endsWith(".github.com")) {
+      platform = "github";
+    } else if (hostname === "gitee.com" || hostname.endsWith(".gitee.com")) {
+      platform = "gitee";
+    } else if (hostname === "gitlab.com" || hostname.endsWith(".gitlab.com")) {
+      platform = "gitlab";
+    } else {
+      platform = "unknown";
+    }
+
+    // 获取路径并去除空字符串（如开头的 /）
+    const parts = parsedUrl.pathname.split("/").filter(Boolean);
+
+    // 至少需要 owner(项目所属者) 和 repo(项目名称) 两段
+    // https://github.com/anren-hk/slt-erp
+    if (parts.length < 2) {
+      throw new Error("Invalid repository URL: insufficient path segments");
+    }
+
+    const owner = parts[0]!;
+    const repo = parts[1]!;
+    // https://github.com/anren-hk/webpack-vue-create/tree/gh-pages
+    const restPath = parts.slice(2); // 剩余路径，如 ['tree', 'v5.2.2']，即分支名称或者版本号
+
+    // 构造 path：如果有后续路径，则以 '/' 开头拼接；否则为空字符串
+    const path = restPath.length > 0 ? "/" + restPath.join("/") : "";
+
+    const projectUrlInfo: RemoteProjectUrlInfo = {
+      owner,
+      repo,
+      path,
+      platform,
+      originalUrl: url,
+    };
+    return projectUrlInfo;
+  } catch (error) {
+    if (error instanceof TypeError) {
+      throw new Error("Invalid URL: malformed or missing");
+    }
+    throw error;
+  }
+}
+
+/**
+ * @Desc: 获取 GitHub 仓库的 package.json URL
+ */
+async function getGithubPackageJsonUrl(
+  projectUrlInfo: RemoteProjectUrlInfo,
+): Promise<PackageJsonUrlInfo> {
+  const { owner, repo, path } = projectUrlInfo;
+  let branchName: string;
+
+  // 如果path以 /tree/ 开头，则表示是分支路径，如 /tree/v5.2.2或者/tree/dev，则取分支名称 v5.2.2
+  if (path.startsWith("/tree/")) {
+    const pathParts = path.split("/").filter(Boolean);
+    branchName = pathParts[1]!;
+  } else {
+    // 通过 API 获取仓库信息，获取默认分支名称
+    const url = `https://api.github.com/repos/${owner}/${repo}`;
+    const info = (await fetch(url).then((resp) =>
+      resp.json(),
+    )) as GitProjectInfo;
+    branchName = info.default_branch;
+  }
+  return {
+    branchName,
+    packageJsonUrl: `https://raw.githubusercontent.com/${owner}/${repo}/${branchName}/package.json`,
+  };
+}
+
+/**
+ * @Desc: 获取 Gitee 仓库的 package.json URL
+ */
+async function getGiteePackageJsonUrl(
+  projectUrlInfo: RemoteProjectUrlInfo,
+): Promise<PackageJsonUrlInfo> {
+  const { owner, repo, path } = projectUrlInfo;
+  let branchName: string;
+
+  if (path.startsWith("/tree/")) {
+    const pathParts = path.split("/").filter(Boolean);
+    branchName = pathParts[1]!;
+  } else {
+    // 通过 API 获取仓库信息，获取默认分支名称
+    const url = `https://gitee.com/api/v5/repos/${owner}/${repo}`;
+    const info = (await fetch(url).then((resp) =>
+      resp.json(),
+    )) as GitProjectInfo;
+    branchName = info.default_branch;
+  }
+  return {
+    branchName,
+    packageJsonUrl: `https://gitee.com/${owner}/${repo}/raw/${branchName}/package.json`,
+  };
+}
+
+/**
+ * @Desc: 获取 GitLab 仓库的 package.json URL
+ */
+async function getGitlabPackageJsonUrl(
+  projectUrlInfo: RemoteProjectUrlInfo,
+): Promise<PackageJsonUrlInfo> {
+  const { owner, repo, path } = projectUrlInfo;
+  let branchName: string;
+
+  if (path.startsWith("/tree/")) {
+    const pathParts = path.split("/").filter(Boolean);
+    branchName = `${pathParts[1]}`;
+  } else {
+    // 通过 API 获取仓库信息，获取默认分支名称
+    // TODO:地址可能有问题
+    const url = `https://gitlab.com/api/v4/projects/${owner}/${repo}`;
+    const info = (await fetch(url).then((resp) =>
+      resp.json(),
+    )) as GitProjectInfo;
+    branchName = info.default_branch;
+  }
+  return {
+    branchName,
+    packageJsonUrl: `https://gitlab.com/${owner}/${repo}/-/raw/${branchName}/package.json`,
+  };
+}
+
+/**
+ * @Desc: 获取 Git 仓库的 package.json URL
+ * @return {string} package.json 的 URL
+ * @param {Object} gitUrlInfo - 解析后的 Git 仓库信息 { owner, repo, path, platform }
+ */
+export async function getPackageJsonUrl(gitUrlInfo: RemoteProjectUrlInfo) {
+  // 具体是何种远程仓库，根据平台选择不同的 URL 构造函数
+  switch (gitUrlInfo.platform) {
+    case "github":
+      return await getGithubPackageJsonUrl(gitUrlInfo);
+    case "gitee":
+      return await getGiteePackageJsonUrl(gitUrlInfo);
+    case "gitlab":
+      return await getGitlabPackageJsonUrl(gitUrlInfo);
+    default:
+      throw new Error(`Unsupported platform: ${gitUrlInfo.platform}`);
+  }
+}
+
+/**
+ * @Desc: 获取远程仓库的 package.json文件内容
+ * @return {*}
+ * @param {string} gitUrl
+ */
+export async function parseRemoteProject(gitUrl: string) {
+  const gitInfo = parseGitUrl(gitUrl);
+  const { packageJsonUrl } = await getPackageJsonUrl(gitInfo);
+  // 返回json
+  return (await fetch(packageJsonUrl).then((resp) =>
+    resp.json(),
+  )) as Promise<PackageJsonInfo>;
+}
+
+/**
+ * @Desc: 获取 GitHub 仓库的 package.json URL
+ * @param {Object} projectUrlInfo - 解析后的 Git 仓库信息 { owner, repo, path, platform }
+ * @param {string[]} workspaceNames - 工作空间名称列表，每个元素为一个子包的名称
+ * @return {Promise<string>} package.json 的 URL
+ */
+async function getGithubSubPackagePackageJsonUrl(
+  projectUrlInfo: RemoteProjectUrlInfo,
+  workspaceNames: string[],
+): Promise<string> {
+  const { owner, repo, path } = projectUrlInfo;
+  let branchName: string;
+
+  // 如果path以 /tree/ 开头，则表示是分支路径，如 /tree/v5.2.2或者/tree/dev，则取分支名称 v5.2.2
+  if (path.startsWith("/tree/")) {
+    const pathParts = path.split("/").filter(Boolean);
+    branchName = pathParts[1]!;
+  } else {
+    // 通过 API 获取仓库信息，获取默认分支名称
+    const url = `https://api.github.com/repos/${owner}/${repo}`;
+    const info = (await fetch(url).then((resp) =>
+      resp.json(),
+    )) as GitProjectInfo;
+    branchName = info.default_branch;
+  }
+  // return `https://raw.githubusercontent.com/${owner}/${repo}/${branchName}/package.json`;
+  return `https://raw.githubusercontent.com/anren-hk/slt-erp/main/packages/net/package.json`;
+}

package/src/parseProject/parseWorkspace.ts

@@ -0,0 +1,202 @@
+import { readdirSync, promises } from "fs";
+import { join } from "path";
+import yaml from "js-yaml";
+import type { PackageJsonInfo } from "../types.js";
+import {
+  getPackageJsonUrl,
+  parseGitUrl,
+  type RemoteProjectUrlInfo,
+} from "./parseRemoteProject.js";
+
+interface ParseWorkspaceOptions {
+  /** 项目地址链接 */
+  projectRoot: string;
+  /** 项目根package.json文件内容 */
+  packageJsonRoot: PackageJsonInfo;
+}
+
+interface GitContentInfo {
+  /** 文件或目录名称 */
+  name: string;
+  /** 文件类型 */
+  type: string;
+  /** 文件下载地址 */
+  download_url: string;
+}
+
+export interface RemoteWorkspaceInfo {
+  gitInfo?: RemoteProjectUrlInfo;
+  branchName?: string;
+  subPackageNames: string[];
+}
+
+/**
+ * 工具项目地址，判断是本地工程还是远程仓库
+ */
+export function parseWorkspace(options: ParseWorkspaceOptions) {
+  const { projectRoot } = options;
+  // 分辨是本地工程还是远程仓库
+  if (projectRoot.startsWith("http://") || projectRoot.startsWith("https://")) {
+    // 远程项目
+    return parseRemoteWorkspace(options);
+  }
+  return parseLocalWorkspace(options);
+}
+
+/**
+ * @Desc: 获取本地项目中Monorepo项目相关信息
+ * @param {string} projectRoot 本地项目地址
+ * @param {PackageJsonInfo} packageJsonRoot 项目根package.json文件内容
+ * @return {string[]} 项目中的子包位置信息，例如：[ 'packages/**', 'apps/**', 'features/**' ]
+ */
+async function getMonorepoInfoByLocal(
+  projectRoot: string,
+  packageJsonRoot: PackageJsonInfo,
+) {
+  // 判断指定目录下是否有文件名包含workspace.yaml的文件，例如：pnpm-workspace.yaml
+  const fileNames = await readdirSync(projectRoot);
+  const workspaceFileName = fileNames.find((fileName) =>
+    fileName.includes("workspace.yaml"),
+  );
+  if (workspaceFileName) {
+    const workspaceFile = join(projectRoot, workspaceFileName);
+    const fileContent = await promises.readFile(workspaceFile, "utf8");
+    const fileInfo = yaml.load(fileContent) as { packages: string[] };
+    return {
+      workspaces: fileInfo.packages,
+    };
+  }
+  // 判断packageJson文件中是否有workspaces字段
+  if (packageJsonRoot.workspaces && packageJsonRoot.workspaces.length > 0) {
+    return {
+      workspaces: packageJsonRoot.workspaces as string[],
+    };
+  }
+  return null;
+}
+
+/**
+ * @Desc: 获取本地项目中workspace相关信息
+ * @param {options} options 包含projectRoot和packageJsonRoot 项目根package.json文件内容
+ * @param {string[]} options.projectRoot 本地项目地址
+ * @param {string} options.packageJsonRoot package.json文件内容
+ */
+async function parseLocalWorkspace(
+  options: ParseWorkspaceOptions,
+): Promise<RemoteWorkspaceInfo | null> {
+  const { projectRoot, packageJsonRoot } = options;
+  const monorepoInfo = await getMonorepoInfoByLocal(
+    projectRoot,
+    packageJsonRoot,
+  );
+  if (!monorepoInfo) {
+    // 本地项目不是monorepo工程
+    return null;
+  }
+  const { workspaces } = monorepoInfo;
+  // 获取子包所在位置
+  const workspaceNames = workspaces.map((workspace) => workspace.split("/")[0]);
+  const subPackageNames = await Promise.all(
+    workspaceNames.map(async (workspaceName) => {
+      if (!workspaceName) {
+        return [];
+      }
+      const packageName = join(projectRoot, workspaceName);
+      // 获取所有子包项目
+      const subFileNames = await readdirSync(packageName);
+      return subFileNames.map((sub) => workspaceName + "/" + sub);
+    }),
+  );
+  return {
+    subPackageNames: subPackageNames.flat(),
+  };
+}
+
+/**
+ * @Desc: 获取远程项目中Monorepo项目相关信息
+ * @param {string} projectRoot 远程项目地址
+ * @param {PackageJsonInfo} packageJsonRoot 项目根package.json文件内容
+ * @return {string[]} 项目中的子包位置信息，例如：[ 'packages/**', 'apps/**', 'features/**' ]
+ */
+async function getMonorepoInfoByRemote(
+  projectRoot: string,
+  packageJsonRoot: PackageJsonInfo,
+) {
+  const gitInfo = parseGitUrl(projectRoot);
+  const { owner, repo } = gitInfo;
+  const { branchName } = await getPackageJsonUrl(gitInfo);
+  const projectInfoUrl = `https://api.github.com/repos/${owner}/${repo}/contents?ref=${branchName}`;
+  const contentInfoList = (await fetch(projectInfoUrl).then((resp) =>
+    resp.json(),
+  )) as GitContentInfo[];
+  const workspaceFileInfo = contentInfoList.findLast((item) =>
+    item.name.includes("workspace.yaml"),
+  );
+
+  if (workspaceFileInfo) {
+    const fileContent = await fetch(workspaceFileInfo.download_url).then(
+      (resp) => resp.text(),
+    );
+    const fileInfo = yaml.load(fileContent) as { packages: string[] };
+    return {
+      gitInfo,
+      branchName,
+      workspaces: fileInfo.packages,
+    };
+  }
+  // 判断packageJson文件中是否有workspaces字段
+  if (packageJsonRoot.workspaces && packageJsonRoot.workspaces.length > 0) {
+    return {
+      gitInfo,
+      branchName,
+      workspaces: packageJsonRoot.workspaces,
+    };
+  }
+  return null;
+}
+
+/**
+ * @Desc: 获取远程项目中workspace相关信息
+ * @param {options} options 包含gitInfo和packageJsonRoot 项目根package.json文件内容
+ * @param {string[]} options.projectRoot 远程项目地址
+ * @param {string} options.packageJsonRoot package.json文件内容
+ */
+async function parseRemoteWorkspace(
+  options: ParseWorkspaceOptions,
+): Promise<RemoteWorkspaceInfo | null> {
+  const { projectRoot, packageJsonRoot } = options;
+  const monorepoInfo = await getMonorepoInfoByRemote(
+    projectRoot,
+    packageJsonRoot,
+  );
+
+  if (!monorepoInfo) {
+    // 远程项目不是monorepo工程
+    return null;
+  }
+  const { gitInfo, branchName, workspaces } = monorepoInfo;
+  const { owner, repo } = gitInfo;
+  // 获取子包所在位置
+  const workspaceNames = workspaces.map((workspace) => workspace.split("/")[0]);
+  const subPackageNames = await Promise.all(
+    workspaceNames.map(async (workspaceName) => {
+      if (!workspaceName) {
+        return [];
+      }
+      const packageInfoUrl = `https://api.github.com/repos/${owner}/${repo}/contents/${workspaceName}?ref=${branchName}`;
+      // 获取所有子包项目
+      const subFileInfoList = (await fetch(packageInfoUrl)
+        .then((resp) => resp.json())
+        .catch((err) => {
+          return [];
+        })) as GitContentInfo[];
+
+      return subFileInfoList.map((sub) => workspaceName + "/" + sub.name);
+    }),
+  );
+  return {
+    gitInfo,
+    branchName,
+    subPackageNames: subPackageNames.flat(),
+  };
+}

package/src/render/index.ts

@@ -0,0 +1,30 @@
+import type { NormalizedResult } from "../audit/normalizeAuditResult.js";
+import type { PackageJsonInfo } from "../types.js";
+import { renderMarkdown, type MarkdownData } from "./markdown.js";
+
+const desc = {
+  severityLevels: {
+    low: "低危",
+    moderate: "中危",
+    high: "高危",
+    critical: "严重",
+    info: "信息",
+  },
+};
+
+/**
+ * 讲auditResult渲染为markdown格式的字符串
+ * @param {object} auditResult 规范化的审计结果
+ * @param {object} packageJson 包的package.json内容
+ */
+export async function render(
+  auditResult: NormalizedResult,
+  packageJson: PackageJsonInfo,
+) {
+  const data: MarkdownData = {
+    audit: auditResult,
+    desc,
+    packageJson,
+  };
+  return await renderMarkdown(data);
+}

package/src/render/markdown.ts

@@ -0,0 +1,29 @@
+import ejs from "ejs";
+import { join } from "path";
+import { getDirname } from "../utils/index.js";
+import type { NormalizedResult } from "../audit/normalizeAuditResult.js";
+import type { AuditSeverity, PackageJsonInfo } from "../types.js";
+
+export interface MarkdownDesc {
+  severityLevels: Record<AuditSeverity, string>;
+}
+
+export interface MarkdownData {
+  audit: NormalizedResult;
+  desc: MarkdownDesc;
+  packageJson: PackageJsonInfo;
+}
+
+const templatePath = join(getDirname(import.meta.url), "./template/index.ejs");
+
+export function renderMarkdown(data: MarkdownData): Promise<string> {
+  return new Promise((resolve, reject) => {
+    ejs.renderFile(templatePath, data, (err, str) => {
+      if (err) {
+        reject(err);
+        return;
+      }
+      resolve(str);
+    });
+  });
+}

package/src/render/template/audit.ejs

@@ -0,0 +1,30 @@
+您所审计的工程总共有 **<%- audit.summary.total %>** 个风险漏洞。
+
+其中：
+
+- **<%- desc.severityLevels.critical %>漏洞**：共计 **<%- audit.summary.critical %>** 个
+- **<%- desc.severityLevels.high %>漏洞**：共计 **<%- audit.summary.high %>** 个
+- **<%- desc.severityLevels.moderate %>漏洞**：共计 **<%- audit.summary.moderate %>** 个
+- **<%- desc.severityLevels.low %>漏洞**：共计 **<%- audit.summary.low %>** 个
+
+> 说明：
+>
+> - **<%- desc.severityLevels.critical %>**漏洞被认为是极其严重的，应该立即修复。
+> - **<%- desc.severityLevels.high %>**漏洞被认为是严重的，应该尽快修复。
+> - **<%- desc.severityLevels.moderate %>**漏洞被认为是中等严重的，可以选择在时间允许时修复。
+> - **<%- desc.severityLevels.low %>**漏洞被认为是轻微的，可以根据自行需要进行修复。
+
+下面是漏洞的详细信息
+
+<% if (audit.summary.critical) { %>
+<%- include('./detail.ejs', {type:'critical'}); %>
+<% } %>
+<% if (audit.summary.high) { %>
+<%- include('./detail.ejs', {type:'high'}); %>
+<% } %>
+<% if (audit.summary.moderate) { %>
+<%- include('./detail.ejs', {type:'moderate'}); %>
+<% } %>
+<% if (audit.summary.low) { %>
+<%- include('./detail.ejs', {type:'low'}); %> 
+<% } %>

package/src/render/template/detail-item.ejs

@@ -0,0 +1,32 @@
+### `<%- item.name -%>`
+
+**漏洞描述**：
+<% item.problems.forEach((problem) => { %>
+- <%- problem.title %>
+  - npm漏洞编号：`<%- problem.source %>`
+  - 漏洞详细说明：<%- problem.url %>
+  - 漏洞等级：<%- desc.severityLevels[problem.severity] %>
+  - 受影响的版本：`<%- problem.range %>`
+<% }); %>
+
+**依赖关系**：
+<% if(item.depChains.length === 0) { %>
+<% if(item.name === packageJson.name) { %>
+当前工程
+<% } else { %>
+- `<%- packageJson.name %>` / <%- item.name %>
+<% } %>
+<% } else { %>
+<% item.depChains.forEach((chain) => { %>
+<% if(chain.length === 1 && chain[0] === packageJson.name) { %>
+当前工程
+<% } else { %>
+- `<%- packageJson.name %>` / <%- chain.map(c=>`\`${c}\``).join(' / ') %>
+<% } %>
+  <% }); %>
+  <% } %>
+
+**漏洞包所在目录**：
+<% item.nodes.forEach((path) => { %>
+- `<%- path %>`
+<% }); %>

package/src/render/template/detail.ejs

@@ -0,0 +1,7 @@
+## <%-desc.severityLevels[type] %>漏洞
+
+共计 **<%- audit.summary[type] %>** 个
+
+<% audit.vulnerabilities[type].forEach(function(item){ %>
+<%- include('./detail-item.ejs', {item: item}) %>
+<% }); %>

package/src/render/template/index.ejs

@@ -0,0 +1,8 @@
+# `<%- packageJson.name %>`审计结果
+
+<% if(audit.summary.total) { %>
+<%- include('./audit.ejs'); %>
+<% } %>
+<% if(audit.summary.total === 0) { %>
+你项目的所有直接依赖和间接依赖都没有发现任何风险漏洞。
+<% } %>