@manojkmfsi/monodog 1.1.16 → 1.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/utils/health-utils.js +2 -2
- package/dist/utils/monorepo-scanner.js +46 -7
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -20,8 +20,8 @@ function calculatePackageHealth(buildStatus, testCoverage, lintStatus, securityA
|
|
|
20
20
|
default:
|
|
21
21
|
score += 10;
|
|
22
22
|
}
|
|
23
|
-
// Test coverage (25 points)
|
|
24
|
-
score += Math.min(25, (testCoverage / 100) * 25);
|
|
23
|
+
// Test coverage (25 points) Note: test coverage is currently not calculated
|
|
24
|
+
score += 25; //Math.min(25, (testCoverage / 100) * 25);
|
|
25
25
|
// Lint status (25 points)
|
|
26
26
|
switch (lintStatus) {
|
|
27
27
|
case 'pass':
|
|
@@ -219,17 +219,56 @@ class MonorepoScanner {
|
|
|
219
219
|
*/
|
|
220
220
|
async checkSecurityAudit(pkg) {
|
|
221
221
|
try {
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
222
|
+
const audit = await this.runPnpmAudit(pkg.path);
|
|
223
|
+
// Extract paths from audit report
|
|
224
|
+
if (audit && audit.advisories) {
|
|
225
|
+
for (const key in audit.advisories) {
|
|
226
|
+
const advisory = audit.advisories[key];
|
|
227
|
+
for (const k in advisory.findings) {
|
|
228
|
+
if (advisory.findings[k].paths && Array.isArray(advisory.findings[k].paths)) {
|
|
229
|
+
for (const pathStr of advisory.findings[k].paths) {
|
|
230
|
+
// Extract the first segment of the path (the top-level package)
|
|
231
|
+
const topPkg = pathStr.split(">")[0].trim();
|
|
232
|
+
const normalizedShort = path_1.default.normalize(topPkg);
|
|
233
|
+
const normalizedFull = path_1.default.normalize(pkg.path);
|
|
234
|
+
if (normalizedFull.endsWith(normalizedShort)) {
|
|
235
|
+
// Break early if we found a match
|
|
236
|
+
return 'fail';
|
|
237
|
+
}
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
return 'pass';
|
|
244
|
+
}
|
|
245
|
+
catch (error) {
|
|
246
|
+
return 'unknown';
|
|
247
|
+
}
|
|
248
|
+
}
|
|
249
|
+
/**
|
|
250
|
+
* Executes 'pnpm audit' safely.
|
|
251
|
+
*/
|
|
252
|
+
async runPnpmAudit(packagePath) {
|
|
253
|
+
try {
|
|
254
|
+
const stdout = (0, child_process_1.execSync)('pnpm audit --json', {
|
|
255
|
+
cwd: packagePath,
|
|
256
|
+
stdio: ['pipe', 'pipe', 'pipe'], // Ensure pipes are set to capture output
|
|
226
257
|
timeout: 15000,
|
|
258
|
+
encoding: 'utf8',
|
|
227
259
|
});
|
|
228
|
-
|
|
229
|
-
return audit.metadata.vulnerabilities.total === 0 ? 'pass' : 'fail';
|
|
260
|
+
return JSON.parse(stdout);
|
|
230
261
|
}
|
|
231
262
|
catch (error) {
|
|
232
|
-
|
|
263
|
+
if (error.stdout) {
|
|
264
|
+
try {
|
|
265
|
+
return JSON.parse(error.stdout.toString());
|
|
266
|
+
}
|
|
267
|
+
catch (parseError) {
|
|
268
|
+
throw new Error(`Failed to parse audit JSON: ${parseError}`);
|
|
269
|
+
}
|
|
270
|
+
}
|
|
271
|
+
throw new Error(`pnpm audit failed: ${error.message}`);
|
|
233
272
|
}
|
|
234
273
|
}
|
|
235
274
|
/**
|