npm - @code-pushup/js-packages-plugin - Versions diffs - 0.30.0-alpha → 0.34.0 - Mend

@code-pushup/js-packages-plugin 0.30.0-alpha → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/bin.js +104 -36
package/index.js +1 -1
package/package.json +3 -3
package/src/lib/runner/audit/constants.d.ts +1 -0
package/src/lib/runner/audit/types.d.ts +18 -0
package/src/lib/runner/audit/unify-type.d.ts +2 -0
package/src/lib/runner/outdated/constants.d.ts +1 -1
package/src/lib/runner/outdated/types.d.ts +6 -0
package/src/lib/runner/outdated/unify-type.d.ts +1 -0

package/bin.js CHANGED Viewed

@@ -1034,12 +1034,57 @@ function yarnv2ToAuditResult(output) {
       };
     }
   );
-  const total = Object.values(yarnv2Audit.metadata.vulnerabilities).reduce(
-    (acc, value) => acc + value,
-    0
+  return {
+    vulnerabilities,
+    summary: {
+      ...yarnv2Audit.metadata.vulnerabilities,
+      total: getVulnerabilitiesTotal(yarnv2Audit.metadata.vulnerabilities)
+    }
+  };
+}
+function pnpmToAuditResult(output) {
+  const pnpmResult = JSON.parse(output);
+  const vulnerabilities = Object.values(pnpmResult.advisories).map(
+    ({
+      module_name: name,
+      id,
+      title,
+      url,
+      severity,
+      vulnerable_versions: versionRange,
+      recommendation: fixInformation,
+      findings
+    }) => {
+      const path = findings[0]?.paths[0];
+      return {
+        name,
+        id,
+        title,
+        url,
+        severity,
+        versionRange,
+        directDependency: path == null ? true : pnpmToDirectDependency(path),
+        fixInformation
+      };
+    }
   );
-  const summary = { ...yarnv2Audit.metadata.vulnerabilities, total };
-  return { vulnerabilities, summary };
+  return {
+    vulnerabilities,
+    summary: {
+      ...pnpmResult.metadata.vulnerabilities,
+      total: getVulnerabilitiesTotal(pnpmResult.metadata.vulnerabilities)
+    }
+  };
+}
+function pnpmToDirectDependency(path) {
+  const deps = path.split(" > ").slice(1);
+  if (deps.length <= 1) {
+    return true;
+  }
+  return deps[0]?.split("@")[0] ?? true;
+}
+function getVulnerabilitiesTotal(summary) {
+  return Object.values(summary).reduce((acc, value) => acc + value, 0);
 }
 // packages/plugin-js-packages/src/lib/runner/audit/constants.ts
@@ -1054,9 +1099,27 @@ var normalizeAuditMapper = {
   npm: npmToAuditResult,
   "yarn-classic": yarnv1ToAuditResult,
   "yarn-modern": yarnv2ToAuditResult,
-  pnpm: () => {
-    throw new Error("PNPM audit is not supported yet.");
-  }
+  pnpm: pnpmToAuditResult
+};
+var filterNpmAuditResults = (results) => ({
+  prod: results.prod,
+  dev: filterAuditResult(results.dev, "name", results.prod),
+  optional: filterAuditResult(results.optional, "name", results.prod)
+});
+var filterPnpmAuditResults = (results) => ({
+  prod: results.prod,
+  dev: results.dev,
+  optional: filterAuditResult(
+    filterAuditResult(results.optional, "id", results.prod),
+    "id",
+    results.dev
+  )
+});
+var postProcessingAuditMapper = {
+  npm: filterNpmAuditResults,
+  // prod dependencies need to be filtered out manually since v10
+  pnpm: filterPnpmAuditResults
+  // optional dependencies don't have an exclusive option so they need duplicates filtered out
 };
 var npmDependencyOptions = {
   prod: ["--omit=dev", "--omit=optional"],
@@ -1068,16 +1131,16 @@ var yarnv2EnvironmentOptions = {
   dev: "development",
   optional: ""
 };
+var pnpmDependencyOptions = {
+  prod: ["--prod", "--no-optional"],
+  dev: ["--dev", "--no-optional"],
+  optional: []
+};
 var auditArgs = (groupDep) => ({
-  npm: [...npmDependencyOptions[groupDep], "--json", "--audit-level=none"],
-  "yarn-classic": ["--json", "--groups", dependencyGroupToLong[groupDep]],
-  "yarn-modern": [
-    "--json",
-    "--environment",
-    yarnv2EnvironmentOptions[groupDep]
-  ],
-  // TODO: Add once PNPM is supported.
-  pnpm: []
+  npm: [...npmDependencyOptions[groupDep], "--audit-level=none"],
+  "yarn-classic": ["--groups", dependencyGroupToLong[groupDep]],
+  "yarn-modern": ["--environment", yarnv2EnvironmentOptions[groupDep]],
+  pnpm: [...pnpmDependencyOptions[groupDep]]
 });
 // packages/plugin-js-packages/src/lib/runner/audit/transform.ts
@@ -1177,6 +1240,17 @@ function yarnv2ToOutdatedResult(output) {
     type
   }));
 }
+function pnpmToOutdatedResult(output) {
+  const pnpmOutdated = JSON.parse(output);
+  return objectToEntries(pnpmOutdated).map(
+    ([name, { current, latest, dependencyType: type }]) => ({
+      name,
+      current,
+      latest,
+      type
+    })
+  );
+}
 // packages/plugin-js-packages/src/lib/runner/outdated/constants.ts
 var outdatedSeverity = {
@@ -1184,17 +1258,17 @@ var outdatedSeverity = {
   minor: "warning",
   patch: "info"
 };
-var outdatedArgs = {
-  npm: ["--json", "--long"],
-  "yarn-classic": ["--json"],
-  "yarn-modern": ["--json"],
-  pnpm: []
-};
 var normalizeOutdatedMapper = {
   npm: npmToOutdatedResult,
   "yarn-classic": yarnv1ToOutdatedResult,
   "yarn-modern": yarnv2ToOutdatedResult,
-  pnpm: (_) => []
+  pnpm: pnpmToOutdatedResult
+};
+var outdatedArgs = {
+  npm: ["--long"],
+  "yarn-classic": [],
+  "yarn-modern": [],
+  pnpm: []
 };
 // packages/plugin-js-packages/src/lib/runner/outdated/types.ts
@@ -1291,10 +1365,10 @@ async function executeRunner() {
 async function processOutdated(packageManager) {
   const { stdout } = await executeProcess({
     command: pkgManagerCommands[packageManager],
-    args: ["outdated", ...outdatedArgs[packageManager]],
+    args: ["outdated", "--json", ...outdatedArgs[packageManager]],
     cwd: process.cwd(),
     ignoreExitCode: true
-    // npm outdated returns exit code 1 when outdated dependencies are found
+    // outdated returns exit code 1 when outdated dependencies are found
   });
   const normalizedResult = normalizeOutdatedMapper[packageManager](stdout);
   return dependencyGroups.map(
@@ -1310,8 +1384,8 @@ async function processAudit(packageManager, auditLevelMapping) {
           command: pkgManagerCommands[packageManager],
           args: getAuditCommandArgs(packageManager, dep),
           cwd: process.cwd(),
-          ignoreExitCode: packageManager === "yarn-classic"
-          // yarn v1 does not have exit code configuration
+          ignoreExitCode: packageManager === "yarn-classic" || packageManager === "pnpm"
+          // yarn v1 and PNPM do not have exit code configuration
         });
         return [dep, normalizeAuditMapper[packageManager](stdout)];
       }
@@ -1329,7 +1403,7 @@ async function processAudit(packageManager, auditLevelMapping) {
   const fulfilled = objectFromEntries(
     auditResults.filter(isPromiseFulfilledResult).map((x) => x.value)
   );
-  const uniqueResults = packageManager === "npm" ? filterNpmAuditResults(fulfilled) : fulfilled;
+  const uniqueResults = postProcessingAuditMapper[packageManager]?.(fulfilled) ?? fulfilled;
   return supportedDepGroups.map(
     (group) => auditResultToAuditOutput(
       uniqueResults[group],
@@ -1343,16 +1417,10 @@ function getAuditCommandArgs(packageManager, group) {
   return [
     ...packageManager === "yarn-modern" ? ["npm"] : [],
     "audit",
+    "--json",
     ...auditArgs(group)[packageManager]
   ];
 }
-function filterNpmAuditResults(results) {
-  return {
-    prod: results.prod,
-    dev: filterAuditResult(results.dev, "name", results.prod),
-    optional: filterAuditResult(results.optional, "name", results.prod)
-  };
-}
 // packages/plugin-js-packages/src/bin.ts
 await executeRunner();

package/index.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { fileURLToPath } from "node:url";
 // packages/plugin-js-packages/package.json
 var name = "@code-pushup/js-packages-plugin";
-var version = "0.29.0";
+var version = "0.34.0";
 // packages/plugin-js-packages/src/lib/config.ts
 import { z as z15 } from "zod";

package/package.json CHANGED Viewed

@@ -1,9 +1,9 @@
 {
   "name": "@code-pushup/js-packages-plugin",
-  "version": "0.30.0-alpha",
+  "version": "0.34.0",
   "dependencies": {
-    "@code-pushup/models": "*",
-    "@code-pushup/utils": "*",
+    "@code-pushup/models": "0.34.0",
+    "@code-pushup/utils": "0.34.0",
     "zod": "^3.22.4"
   },
   "license": "MIT",

package/src/lib/runner/audit/constants.d.ts CHANGED Viewed

@@ -2,4 +2,5 @@ import { DependencyGroup, PackageAuditLevel, PackageManager } from '../../config
 import { AuditResult } from './types';
 export declare const auditScoreModifiers: Record<PackageAuditLevel, number>;
 export declare const normalizeAuditMapper: Record<PackageManager, (output: string) => AuditResult>;
+export declare const postProcessingAuditMapper: Partial<Record<PackageManager, (result: Record<DependencyGroup, AuditResult>) => Record<DependencyGroup, AuditResult>>>;
 export declare const auditArgs: (groupDep: DependencyGroup) => Record<PackageManager, string[]>;

package/src/lib/runner/audit/types.d.ts CHANGED Viewed

@@ -83,3 +83,21 @@ export type Yarnv2AuditResultJson = {
         vulnerabilities: Record<PackageAuditLevel, number>;
     };
 };
+export type PnpmAuditAdvisory = {
+    module_name: string;
+    id: number;
+    severity: PackageAuditLevel;
+    vulnerable_versions: string;
+    recommendation: string;
+    title: string;
+    url: string;
+    findings: {
+        paths: string[];
+    }[];
+};
+export type PnpmAuditResultJson = {
+    advisories: Record<string, PnpmAuditAdvisory>;
+    metadata: {
+        vulnerabilities: Record<PackageAuditLevel, number>;
+    };
+};

package/src/lib/runner/audit/unify-type.d.ts CHANGED Viewed

@@ -4,3 +4,5 @@ export declare function npmToFixInformation(fixAvailable: boolean | NpmFixInform
 export declare function npmToAdvisory(name: string, vulnerabilities: NpmVulnerabilities, prevNodes?: Set<string>): NpmAdvisory | null;
 export declare function yarnv1ToAuditResult(output: string): AuditResult;
 export declare function yarnv2ToAuditResult(output: string): AuditResult;
+export declare function pnpmToAuditResult(output: string): AuditResult;
+export declare function pnpmToDirectDependency(path: string): string | true;

package/src/lib/runner/outdated/constants.d.ts CHANGED Viewed

@@ -2,5 +2,5 @@ import { IssueSeverity } from '@code-pushup/models';
 import { PackageManager } from '../../config';
 import { OutdatedResult, VersionType } from './types';
 export declare const outdatedSeverity: Record<VersionType, IssueSeverity>;
-export declare const outdatedArgs: Record<PackageManager, string[]>;
 export declare const normalizeOutdatedMapper: Record<PackageManager, (output: string) => OutdatedResult>;
+export declare const outdatedArgs: Record<PackageManager, string[]>;

package/src/lib/runner/outdated/types.d.ts CHANGED Viewed

@@ -45,4 +45,10 @@ export type Yarnv2VersionOverview = {
     type: DependencyGroupLong;
 };
 export type Yarnv2OutdatedResultJson = Yarnv2VersionOverview[];
+export type PnpmVersionOverview = {
+    current: string;
+    latest: string;
+    dependencyType: DependencyGroupLong;
+};
+export type PnpmOutdatedResultJson = Record<string, PnpmVersionOverview>;
 export {};

package/src/lib/runner/outdated/unify-type.d.ts CHANGED Viewed

@@ -2,3 +2,4 @@ import { OutdatedResult } from './types';
 export declare function npmToOutdatedResult(output: string): OutdatedResult;
 export declare function yarnv1ToOutdatedResult(output: string): OutdatedResult;
 export declare function yarnv2ToOutdatedResult(output: string): OutdatedResult;
+export declare function pnpmToOutdatedResult(output: string): OutdatedResult;