@code-pushup/js-packages-plugin 0.34.0 → 0.39.0

package/index.js

@@ -4,7 +4,7 @@ import { fileURLToPath } from "node:url";
 
 // packages/plugin-js-packages/package.json
 var name = "@code-pushup/js-packages-plugin";
-var version = "0.34.0";
+var version = "0.39.0";
 
 // packages/plugin-js-packages/src/lib/config.ts
 import { z as z15 } from "zod";
@@ -585,10 +585,14 @@ function makeArraysComparisonSchema(diffSchema, resultSchema, description) {
     { description }
   );
 }
-var scorableMetaSchema = z14.object({ slug: slugSchema, title: titleSchema });
+var scorableMetaSchema = z14.object({
+  slug: slugSchema,
+  title: titleSchema,
+  docsUrl: docsUrlSchema
+});
 var scorableWithPluginMetaSchema = scorableMetaSchema.merge(
   z14.object({
-    plugin: pluginMetaSchema.pick({ slug: true, title: true }).describe("Plugin which defines it")
+    plugin: pluginMetaSchema.pick({ slug: true, title: true, docsUrl: true }).describe("Plugin which defines it")
   })
 );
 var scorableDiffSchema = scorableMetaSchema.merge(
@@ -663,35 +667,16 @@ var defaultAuditLevelMapping = {
   low: "warning",
   info: "info"
 };
-var pkgManagerNames = {
-  npm: "NPM",
-  "yarn-classic": "Yarn v1",
-  "yarn-modern": "Yarn v2+",
-  pnpm: "PNPM"
-};
-var pkgManagerIcons = {
-  npm: "npm",
-  "yarn-classic": "yarn",
-  "yarn-modern": "yarn",
-  pnpm: "pnpm"
-};
-var pkgManagerDocs = {
-  npm: "https://docs.npmjs.com/",
-  "yarn-classic": "https://classic.yarnpkg.com/docs/",
-  "yarn-modern": "https://yarnpkg.com/getting-started",
-  pnpm: "https://pnpm.io/pnpm-cli"
-};
-var auditDocs = {
-  npm: "https://docs.npmjs.com/cli/commands/npm-audit",
-  "yarn-classic": "https://classic.yarnpkg.com/docs/cli/audit",
-  "yarn-modern": "https://yarnpkg.com/cli/npm/audit",
-  pnpm: "https://pnpm.io/cli/audit/"
+var dependencyGroupToLong = {
+  prod: "dependencies",
+  dev: "devDependencies",
+  optional: "optionalDependencies"
 };
-var outdatedDocs = {
-  npm: "https://docs.npmjs.com/cli/commands/npm-outdated",
-  "yarn-classic": "https://classic.yarnpkg.com/docs/cli/outdated/",
-  "yarn-modern": "https://github.com/mskelton/yarn-plugin-outdated",
-  pnpm: "https://pnpm.io/cli/outdated"
+var dependencyGroupWeights = {
+  // eslint-disable-next-line no-magic-numbers
+  prod: 3,
+  dev: 1,
+  optional: 1
 };
 var dependencyDocs = {
   prod: "https://classic.yarnpkg.com/docs/dependency-types#toc-dependencies",
@@ -700,8 +685,9 @@ var dependencyDocs = {
 };
 
 // packages/plugin-js-packages/src/lib/config.ts
+var dependencyGroups = ["prod", "dev", "optional"];
 var packageCommandSchema = z15.enum(["audit", "outdated"]);
-var packageManagerSchema = z15.enum([
+var packageManagerIdSchema = z15.enum([
   "npm",
   "yarn-classic",
   "yarn-modern",
@@ -728,15 +714,49 @@ var jsPackagesPluginConfigSchema = z15.object({
   checks: z15.array(packageCommandSchema, {
     description: "Package manager commands to be run. Defaults to both audit and outdated."
   }).min(1).default(["audit", "outdated"]),
-  packageManager: packageManagerSchema.describe("Package manager to be used."),
+  packageManager: packageManagerIdSchema.describe(
+    "Package manager to be used."
+  ),
   auditLevelMapping: z15.record(packageAuditLevelSchema, issueSeveritySchema, {
     description: "Mapping of audit levels to issue severity. Custom mapping or overrides may be entered manually, otherwise has a default preset."
   }).default(defaultAuditLevelMapping).transform(fillAuditLevelMapping)
 });
 
-// packages/plugin-js-packages/src/lib/runner/index.ts
-import { writeFile } from "node:fs/promises";
-import { dirname } from "node:path";
+// packages/plugin-js-packages/src/lib/runner/utils.ts
+function filterAuditResult(result, key, referenceResult) {
+  if (result.vulnerabilities.length === 0) {
+    return result;
+  }
+  const uniqueResult = result.vulnerabilities.reduce(
+    (acc, ref) => {
+      const matchReference = referenceResult ?? acc;
+      const isMatch = matchReference.vulnerabilities.map((vulnerability) => vulnerability[key]).includes(ref[key]);
+      if (isMatch) {
+        return {
+          vulnerabilities: acc.vulnerabilities,
+          summary: {
+            ...acc.summary,
+            [ref.severity]: acc.summary[ref.severity] - 1,
+            total: acc.summary.total - 1
+          }
+        };
+      }
+      return {
+        vulnerabilities: [...acc.vulnerabilities, ref],
+        summary: acc.summary
+      };
+    },
+    { vulnerabilities: [], summary: result.summary }
+  );
+  return {
+    vulnerabilities: uniqueResult.vulnerabilities,
+    summary: uniqueResult.summary
+  };
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/constants.ts
+var COMMON_AUDIT_ARGS = ["audit", "--json"];
+var COMMON_OUTDATED_ARGS = ["outdated", "--json"];
 
 // packages/utils/src/lib/file-system.ts
 import { bundleRequire } from "bundle-require";
@@ -782,7 +802,7 @@ async function ensureDirectoryExists(baseDir) {
     await mkdir(baseDir, { recursive: true });
     return;
   } catch (error) {
-    ui().logger.error(error.message);
+    ui().logger.info(error.message);
     if (error.code !== "EEXIST") {
       throw error;
     }
@@ -795,6 +815,19 @@ function pluginWorkDir(slug) {
 // packages/utils/src/lib/git.ts
 import { simpleGit } from "simple-git";
 
+// packages/utils/src/lib/transform.ts
+import { platform } from "node:os";
+function objectToEntries(obj) {
+  return Object.entries(obj);
+}
+function toUnixNewlines(text) {
+  return platform() === "win32" ? text.replace(/\r\n/g, "\n") : text;
+}
+function fromJsonLines(jsonLines) {
+  const unifiedNewLines = toUnixNewlines(jsonLines).trim();
+  return JSON.parse(`[${unifiedNewLines.split("\n").join(",")}]`);
+}
+
 // packages/utils/src/lib/progress.ts
 import chalk3 from "chalk";
 import { MultiProgressBars } from "multi-progress-bars";
@@ -802,6 +835,392 @@ import { MultiProgressBars } from "multi-progress-bars";
 // packages/utils/src/lib/reports/log-stdout-summary.ts
 import chalk4 from "chalk";
 
+// packages/plugin-js-packages/src/lib/package-managers/npm/audit-result.ts
+function npmToAuditResult(output) {
+  const npmAudit = JSON.parse(output);
+  const vulnerabilities = objectToEntries(npmAudit.vulnerabilities).map(
+    ([name2, detail]) => {
+      const advisory = npmToAdvisory(name2, npmAudit.vulnerabilities);
+      return {
+        name: name2.toString(),
+        severity: detail.severity,
+        versionRange: detail.range,
+        directDependency: detail.isDirect ? true : detail.effects[0] ?? "",
+        fixInformation: npmToFixInformation(detail.fixAvailable),
+        ...advisory != null && {
+          title: advisory.title,
+          url: advisory.url
+        }
+      };
+    }
+  );
+  return {
+    vulnerabilities,
+    summary: npmAudit.metadata.vulnerabilities
+  };
+}
+function npmToFixInformation(fixAvailable) {
+  if (typeof fixAvailable === "boolean") {
+    return fixAvailable ? "Fix is available." : "";
+  }
+  return `Fix available: Update \`${fixAvailable.name}\` to version **${fixAvailable.version}**${fixAvailable.isSemVerMajor ? " (breaking change)." : "."}`;
+}
+function npmToAdvisory(name2, vulnerabilities, prevNodes = /* @__PURE__ */ new Set()) {
+  const advisory = vulnerabilities[name2]?.via;
+  if (Array.isArray(advisory) && advisory.length > 0 && typeof advisory[0] === "object") {
+    return { title: advisory[0].title, url: advisory[0].url };
+  }
+  if (Array.isArray(advisory) && advisory.length > 0 && advisory.every((value) => typeof value === "string")) {
+    let advisoryInfo = null;
+    let newReferences = [];
+    let advisoryInfoFound = false;
+    for (const via of advisory) {
+      if (!prevNodes.has(via)) {
+        newReferences.push(via);
+      }
+    }
+    while (newReferences.length > 0 && !advisoryInfoFound) {
+      const ref = newReferences.pop();
+      prevNodes.add(ref);
+      const result = npmToAdvisory(ref, vulnerabilities, prevNodes);
+      if (result != null) {
+        advisoryInfo = { title: result.title, url: result.url };
+        advisoryInfoFound = true;
+      }
+    }
+    return advisoryInfo;
+  }
+  return null;
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/npm/outdated-result.ts
+function npmToOutdatedResult(output) {
+  const npmOutdated = JSON.parse(output);
+  return objectToEntries(npmOutdated).filter(
+    (entry) => entry[1].current != null
+  ).map(([name2, overview]) => ({
+    name: name2,
+    current: overview.current,
+    latest: overview.latest,
+    type: overview.type,
+    ...overview.homepage != null && { url: overview.homepage }
+  }));
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/npm/npm.ts
+var npmDependencyOptions = {
+  prod: ["--omit=dev", "--omit=optional"],
+  dev: ["--include=dev", "--omit=optional"],
+  optional: ["--include=optional", "--omit=dev"]
+};
+var npmPackageManager = {
+  slug: "npm",
+  name: "NPM",
+  command: "npm",
+  icon: "npm",
+  docs: {
+    homepage: "https://docs.npmjs.com/",
+    audit: "https://docs.npmjs.com/cli/commands/npm-audit",
+    outdated: "https://docs.npmjs.com/cli/commands/npm-outdated"
+  },
+  audit: {
+    getCommandArgs: (groupDep) => [
+      ...COMMON_AUDIT_ARGS,
+      ...npmDependencyOptions[groupDep],
+      "--audit-level=none"
+    ],
+    unifyResult: npmToAuditResult,
+    // prod dependencies need to be filtered out manually since v10
+    postProcessResult: (results) => ({
+      prod: results.prod,
+      dev: filterAuditResult(results.dev, "name", results.prod),
+      optional: filterAuditResult(results.optional, "name", results.prod)
+    })
+  },
+  outdated: {
+    commandArgs: [...COMMON_OUTDATED_ARGS, "--long"],
+    unifyResult: npmToOutdatedResult
+  }
+};
+
+// packages/plugin-js-packages/src/lib/runner/audit/utils.ts
+function getVulnerabilitiesTotal(summary) {
+  return Object.values(summary).reduce((acc, value) => acc + value, 0);
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/pnpm/audit-result.ts
+function pnpmToAuditResult(output) {
+  const pnpmResult = JSON.parse(output);
+  const vulnerabilities = Object.values(pnpmResult.advisories).map(
+    ({
+      module_name: name2,
+      id,
+      title,
+      url,
+      severity,
+      vulnerable_versions: versionRange,
+      recommendation: fixInformation,
+      findings
+    }) => {
+      const path = findings[0]?.paths[0];
+      return {
+        name: name2,
+        id,
+        title,
+        url,
+        severity,
+        versionRange,
+        directDependency: path == null ? true : pnpmToDirectDependency(path),
+        fixInformation
+      };
+    }
+  );
+  return {
+    vulnerabilities,
+    summary: {
+      ...pnpmResult.metadata.vulnerabilities,
+      total: getVulnerabilitiesTotal(pnpmResult.metadata.vulnerabilities)
+    }
+  };
+}
+function pnpmToDirectDependency(path) {
+  const deps = path.split(" > ").slice(1);
+  if (deps.length <= 1) {
+    return true;
+  }
+  return deps[0]?.split("@")[0] ?? true;
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/pnpm/outdated-result.ts
+function pnpmToOutdatedResult(output) {
+  const pnpmOutdated = JSON.parse(output);
+  return objectToEntries(pnpmOutdated).map(
+    ([name2, { current, latest, dependencyType: type }]) => ({
+      name: name2,
+      current,
+      latest,
+      type
+    })
+  );
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/pnpm/pnpm.ts
+var pnpmDependencyOptions = {
+  prod: ["--prod", "--no-optional"],
+  dev: ["--dev", "--no-optional"],
+  optional: []
+};
+var pnpmPackageManager = {
+  slug: "pnpm",
+  name: "pnpm",
+  command: "pnpm",
+  icon: "pnpm",
+  docs: {
+    homepage: "https://pnpm.io/pnpm-cli",
+    audit: "https://pnpm.io/cli/audit/",
+    outdated: "https://pnpm.io/cli/outdated"
+  },
+  audit: {
+    getCommandArgs: (groupDep) => [
+      ...COMMON_AUDIT_ARGS,
+      ...pnpmDependencyOptions[groupDep]
+    ],
+    ignoreExitCode: true,
+    unifyResult: pnpmToAuditResult,
+    // optional dependencies don't have an exclusive option so they need duplicates filtered out
+    postProcessResult: (results) => ({
+      prod: results.prod,
+      dev: results.dev,
+      optional: filterAuditResult(
+        filterAuditResult(results.optional, "id", results.prod),
+        "id",
+        results.dev
+      )
+    })
+  },
+  outdated: {
+    commandArgs: COMMON_OUTDATED_ARGS,
+    unifyResult: pnpmToOutdatedResult
+  }
+};
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-classic/audit-result.ts
+function yarnv1ToAuditResult(output) {
+  const yarnv1Result = fromJsonLines(output);
+  const [yarnv1Advisory, yarnv1Summary] = validateYarnv1Result(yarnv1Result);
+  const vulnerabilities = yarnv1Advisory.map(
+    ({ data: { resolution, advisory } }) => {
+      const { id, path } = resolution;
+      const directDependency = path.slice(0, path.indexOf(">"));
+      const {
+        module_name: name2,
+        title,
+        url,
+        severity,
+        vulnerable_versions: versionRange,
+        recommendation: fixInformation
+      } = advisory;
+      return {
+        name: name2,
+        title,
+        id,
+        url,
+        severity,
+        versionRange,
+        directDependency: name2 === directDependency ? true : directDependency,
+        fixInformation
+      };
+    }
+  );
+  const summary = {
+    ...yarnv1Summary.data.vulnerabilities,
+    total: Object.values(yarnv1Summary.data.vulnerabilities).reduce(
+      (acc, amount) => acc + amount,
+      0
+    )
+  };
+  return filterAuditResult({ vulnerabilities, summary }, "id");
+}
+function validateYarnv1Result(result) {
+  const summary = result.at(-1);
+  if (summary?.type !== "auditSummary") {
+    throw new Error("Invalid Yarn v1 audit result - no summary found.");
+  }
+  const vulnerabilities = result.filter(
+    (item) => item.type === "auditAdvisory"
+  );
+  return [vulnerabilities, summary];
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-classic/outdated-result.ts
+function yarnv1ToOutdatedResult(output) {
+  const yarnv1Outdated = fromJsonLines(output);
+  const dependencies = yarnv1Outdated[1].data.body;
+  return dependencies.map(([name2, current, _, latest, __, type, url]) => ({
+    name: name2,
+    current,
+    latest,
+    type,
+    url
+  }));
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-classic/yarn-classic.ts
+var yarnv1PackageManager = {
+  slug: "yarn-classic",
+  name: "Yarn v1",
+  command: "yarn",
+  icon: "yarn",
+  docs: {
+    homepage: "https://classic.yarnpkg.com/docs/",
+    audit: "https://classic.yarnpkg.com/docs/cli/audit",
+    outdated: "https://classic.yarnpkg.com/docs/cli/outdated/"
+  },
+  audit: {
+    getCommandArgs: (groupDep) => [
+      ...COMMON_AUDIT_ARGS,
+      "--groups",
+      dependencyGroupToLong[groupDep]
+    ],
+    ignoreExitCode: true,
+    unifyResult: yarnv1ToAuditResult
+  },
+  outdated: {
+    commandArgs: COMMON_OUTDATED_ARGS,
+    unifyResult: yarnv1ToOutdatedResult
+  }
+};
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-modern/audit-result.ts
+function yarnv2ToAuditResult(output) {
+  const yarnv2Audit = JSON.parse(output);
+  const vulnerabilities = Object.values(yarnv2Audit.advisories).map(
+    ({
+      module_name: name2,
+      severity,
+      title,
+      url,
+      vulnerable_versions: versionRange,
+      recommendation: fixInformation,
+      findings
+    }) => {
+      const directDep = findings[0]?.paths[0];
+      return {
+        name: name2,
+        severity,
+        title,
+        url,
+        versionRange,
+        fixInformation,
+        directDependency: directDep != null && directDep !== name2 ? directDep : true
+      };
+    }
+  );
+  return {
+    vulnerabilities,
+    summary: {
+      ...yarnv2Audit.metadata.vulnerabilities,
+      total: getVulnerabilitiesTotal(yarnv2Audit.metadata.vulnerabilities)
+    }
+  };
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-modern/outdated-result.ts
+function yarnv2ToOutdatedResult(output) {
+  const npmOutdated = JSON.parse(output);
+  return npmOutdated.map(({ name: name2, current, latest, type }) => ({
+    name: name2,
+    current,
+    latest,
+    type
+  }));
+}
+
+// packages/plugin-js-packages/src/lib/package-managers/yarn-modern/yarn-modern.ts
+var yarnv2EnvironmentOptions = {
+  prod: "production",
+  dev: "development",
+  optional: ""
+};
+var yarnv2PackageManager = {
+  slug: "yarn-modern",
+  name: "yarn-modern",
+  command: "yarn",
+  icon: "yarn",
+  docs: {
+    homepage: "https://yarnpkg.com/getting-started",
+    audit: "https://yarnpkg.com/cli/npm/audit",
+    outdated: "https://github.com/mskelton/yarn-plugin-outdated"
+  },
+  audit: {
+    getCommandArgs: (groupDep) => [
+      "npm",
+      ...COMMON_AUDIT_ARGS,
+      "--environment",
+      yarnv2EnvironmentOptions[groupDep]
+    ],
+    supportedDepGroups: ["prod", "dev"],
+    // Yarn v2 does not support audit for optional dependencies
+    unifyResult: yarnv2ToAuditResult
+  },
+  outdated: {
+    commandArgs: COMMON_OUTDATED_ARGS,
+    unifyResult: yarnv2ToOutdatedResult
+  }
+};
+
+// packages/plugin-js-packages/src/lib/package-managers/package-managers.ts
+var packageManagers = {
+  npm: npmPackageManager,
+  "yarn-classic": yarnv1PackageManager,
+  "yarn-modern": yarnv2PackageManager,
+  pnpm: pnpmPackageManager
+};
+
+// packages/plugin-js-packages/src/lib/runner/index.ts
+import { writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+
 // packages/plugin-js-packages/src/lib/runner/constants.ts
 import { join as join2 } from "node:path";
 var WORKDIR = pluginWorkDir("js-packages");
@@ -826,8 +1245,9 @@ async function createRunnerConfig(scriptPath, config) {
 // packages/plugin-js-packages/src/lib/js-packages-plugin.ts
 async function jsPackagesPlugin(config) {
   const jsPackagesPluginConfig = jsPackagesPluginConfigSchema.parse(config);
-  const pkgManager = jsPackagesPluginConfig.packageManager;
   const checks = [...new Set(jsPackagesPluginConfig.checks)];
+  const id = jsPackagesPluginConfig.packageManager;
+  const pm = packageManagers[id];
   const runnerScriptPath = join3(
     fileURLToPath(dirname2(import.meta.url)),
     "bin.js"
@@ -835,81 +1255,61 @@ async function jsPackagesPlugin(config) {
   return {
     slug: "js-packages",
     title: "JS Packages",
-    icon: pkgManagerIcons[pkgManager],
+    icon: pm.icon,
     description: "This plugin runs audit to uncover vulnerabilities and lists outdated dependencies. It supports npm, yarn classic, yarn modern, and pnpm package managers.",
-    docsUrl: pkgManagerDocs[pkgManager],
+    docsUrl: pm.docs.homepage,
     packageName: name,
     version,
-    audits: createAudits(pkgManager, checks),
-    groups: createGroups(pkgManager, checks),
+    audits: createAudits(id, checks),
+    groups: createGroups(id, checks),
     runner: await createRunnerConfig(runnerScriptPath, jsPackagesPluginConfig)
   };
 }
-function createGroups(pkgManager, checks) {
+function createGroups(id, checks) {
+  const pm = packageManagers[id];
+  const supportedAuditDepGroups = pm.audit.supportedDepGroups ?? dependencyGroups;
   const groups = {
     audit: {
-      slug: `${pkgManager}-audit`,
-      title: `${pkgManagerNames[pkgManager]} audit`,
-      description: `Group containing ${pkgManagerNames[pkgManager]} vulnerabilities.`,
-      docsUrl: auditDocs[pkgManager],
-      refs: [
-        // eslint-disable-next-line no-magic-numbers
-        { slug: `${pkgManager}-audit-prod`, weight: 3 },
-        { slug: `${pkgManager}-audit-dev`, weight: 1 },
-        // Yarn v2 does not support audit for optional dependencies
-        ...pkgManager === "yarn-modern" ? [] : [
-          {
-            slug: `${pkgManager}-audit-optional`,
-            weight: 1
-          }
-        ]
-      ]
+      slug: `${pm.slug}-audit`,
+      title: `${pm.name} audit`,
+      description: `Group containing ${pm.name} vulnerabilities.`,
+      docsUrl: pm.docs.audit,
+      refs: supportedAuditDepGroups.map((depGroup) => ({
+        slug: `${pm.slug}-audit-${depGroup}`,
+        weight: dependencyGroupWeights[depGroup]
+      }))
     },
     outdated: {
-      slug: `${pkgManager}-outdated`,
-      title: `${pkgManagerNames[pkgManager]} outdated dependencies`,
-      description: `Group containing outdated ${pkgManagerNames[pkgManager]} dependencies.`,
-      docsUrl: outdatedDocs[pkgManager],
-      refs: [
-        // eslint-disable-next-line no-magic-numbers
-        { slug: `${pkgManager}-outdated-prod`, weight: 3 },
-        { slug: `${pkgManager}-outdated-dev`, weight: 1 },
-        { slug: `${pkgManager}-outdated-optional`, weight: 1 }
-      ]
+      slug: `${pm.slug}-outdated`,
+      title: `${pm.name} outdated dependencies`,
+      description: `Group containing outdated ${pm.name} dependencies.`,
+      docsUrl: pm.docs.outdated,
+      refs: dependencyGroups.map((depGroup) => ({
+        slug: `${pm.slug}-outdated-${depGroup}`,
+        weight: dependencyGroupWeights[depGroup]
+      }))
     }
   };
   return checks.map((check) => groups[check]);
 }
-function createAudits(pkgManager, checks) {
-  return checks.flatMap((check) => [
-    {
-      slug: `${pkgManager}-${check}-prod`,
-      title: getAuditTitle(pkgManager, check, "prod"),
-      description: getAuditDescription(check, "prod"),
-      docsUrl: dependencyDocs.prod
-    },
-    {
-      slug: `${pkgManager}-${check}-dev`,
-      title: getAuditTitle(pkgManager, check, "dev"),
-      description: getAuditDescription(check, "dev"),
-      docsUrl: dependencyDocs.dev
-    },
-    // Yarn v2 does not support audit for optional dependencies
-    ...pkgManager === "yarn-modern" && check === "audit" ? [] : [
-      {
-        slug: `${pkgManager}-${check}-optional`,
-        title: getAuditTitle(pkgManager, check, "optional"),
-        description: getAuditDescription(check, "optional"),
-        docsUrl: dependencyDocs.optional
-      }
-    ]
-  ]);
+function createAudits(id, checks) {
+  const { slug } = packageManagers[id];
+  return checks.flatMap((check) => {
+    const supportedDepGroups = check === "audit" ? packageManagers[id].audit.supportedDepGroups ?? dependencyGroups : dependencyGroups;
+    return supportedDepGroups.map((depGroup) => ({
+      slug: `${slug}-${check}-${depGroup}`,
+      title: getAuditTitle(slug, check, depGroup),
+      description: getAuditDescription(check, depGroup),
+      docsUrl: dependencyDocs[depGroup]
+    }));
+  });
 }
-function getAuditTitle(pkgManager, check, dependencyType) {
-  return check === "audit" ? `Vulnerabilities for ${pkgManagerNames[pkgManager]} ${dependencyType} dependencies.` : `Outdated ${pkgManagerNames[pkgManager]} ${dependencyType} dependencies.`;
+function getAuditTitle(id, check, depGroup) {
+  const pm = packageManagers[id];
+  return check === "audit" ? `Vulnerabilities for ${pm.name} ${depGroup} dependencies.` : `Outdated ${pm.name} ${depGroup} dependencies.`;
 }
-function getAuditDescription(check, dependencyType) {
-  return check === "audit" ? `Runs security audit on ${dependencyType} dependencies.` : `Checks for outdated ${dependencyType} dependencies`;
+function getAuditDescription(check, depGroup) {
+  return check === "audit" ? `Runs security audit on ${depGroup} dependencies.` : `Checks for outdated ${depGroup} dependencies`;
 }
 
 // packages/plugin-js-packages/src/index.ts