@pnpm/deps.compliance.commands 1101.2.8 → 1101.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/audit/audit.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { checkbox, Separator } from '@inquirer/prompts';
|
|
2
|
+
import { docsUrl, interactivePromptPageSize, TABLE_OPTIONS } from '@pnpm/cli.utils';
|
|
2
3
|
import { types as allTypes } from '@pnpm/config.reader';
|
|
3
4
|
import { audit, normalizeGhsaId } from '@pnpm/deps.compliance.audit';
|
|
4
5
|
import { PnpmError } from '@pnpm/error';
|
|
@@ -7,7 +8,6 @@ import { globalInfo } from '@pnpm/logger';
|
|
|
7
8
|
import { createGetAuthHeaderByURI } from '@pnpm/network.auth-header';
|
|
8
9
|
import { table } from '@zkochan/table';
|
|
9
10
|
import chalk, {} from 'chalk';
|
|
10
|
-
import enquirer from 'enquirer';
|
|
11
11
|
import { pick, pickBy } from 'ramda';
|
|
12
12
|
import { renderHelp } from 'render-help';
|
|
13
13
|
import { createAuditNetworkOptions, loadAuditContext } from './auditContext.js';
|
|
@@ -386,65 +386,61 @@ function filterAdvisoriesForFix(advisories, opts) {
|
|
|
386
386
|
}));
|
|
387
387
|
}
|
|
388
388
|
async function interactiveAuditFix(auditReport) {
|
|
389
|
-
const
|
|
390
|
-
if (
|
|
389
|
+
const choiceGroups = getAuditFixChoices(Object.values(auditReport.advisories));
|
|
390
|
+
if (choiceGroups.length === 0) {
|
|
391
391
|
return auditReport;
|
|
392
392
|
}
|
|
393
|
-
const
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
message: 'Choose which vulnerabilities to fix ' +
|
|
400
|
-
`(Press ${chalk.cyan('<space>')} to select, ` +
|
|
401
|
-
`${chalk.cyan('<a>')} to toggle all, ` +
|
|
402
|
-
`${chalk.cyan('<i>')} to invert selection)`,
|
|
403
|
-
name: 'selectedVulnerabilities',
|
|
404
|
-
pointer: '❯',
|
|
405
|
-
result() {
|
|
406
|
-
return this.selected;
|
|
407
|
-
},
|
|
408
|
-
format() {
|
|
409
|
-
if (!this.state.submitted || this.state.cancelled)
|
|
410
|
-
return '';
|
|
411
|
-
if (Array.isArray(this.selected)) {
|
|
412
|
-
return this.selected
|
|
413
|
-
.filter((choice) => !/^\[.+\]$/.test(choice.name))
|
|
414
|
-
.map((choice) => this.styles.primary(choice.name)).join(', ');
|
|
393
|
+
const flatChoices = [];
|
|
394
|
+
for (const group of choiceGroups) {
|
|
395
|
+
flatChoices.push(new Separator(chalk.bold(`── ${group.message} ──`)));
|
|
396
|
+
for (const choice of group.choices) {
|
|
397
|
+
if (choice.disabled) {
|
|
398
|
+
flatChoices.push(new Separator(` ${choice.message ?? choice.name}`));
|
|
415
399
|
}
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
success: chalk.reset,
|
|
422
|
-
},
|
|
423
|
-
type: 'multiselect',
|
|
424
|
-
validate(value) {
|
|
425
|
-
if (value.length === 0) {
|
|
426
|
-
return 'You must choose at least one vulnerability.';
|
|
400
|
+
else {
|
|
401
|
+
flatChoices.push({
|
|
402
|
+
name: choice.message,
|
|
403
|
+
value: choice.value,
|
|
404
|
+
});
|
|
427
405
|
}
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
},
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
406
|
+
}
|
|
407
|
+
}
|
|
408
|
+
const message = 'Choose which vulnerabilities to fix ' +
|
|
409
|
+
`(Press ${chalk.cyan('<space>')} to select, ` +
|
|
410
|
+
`${chalk.cyan('<a>')} to toggle all, ` +
|
|
411
|
+
`${chalk.cyan('<i>')} to invert selection)\n\nEnter to start fixing. Ctrl-c to cancel.`;
|
|
412
|
+
let selectedKeys;
|
|
413
|
+
try {
|
|
414
|
+
selectedKeys = await checkbox({
|
|
415
|
+
choices: flatChoices,
|
|
416
|
+
pageSize: interactivePromptPageSize(),
|
|
417
|
+
message,
|
|
418
|
+
required: true,
|
|
419
|
+
validate: (values) => {
|
|
420
|
+
if (values.length === 0) {
|
|
421
|
+
return 'You must choose at least one vulnerability.';
|
|
422
|
+
}
|
|
423
|
+
return true;
|
|
424
|
+
},
|
|
425
|
+
theme: {
|
|
426
|
+
icon: { checked: '●', unchecked: '○', cursor: '❯' },
|
|
427
|
+
style: {
|
|
428
|
+
highlight: (text) => text,
|
|
429
|
+
},
|
|
430
|
+
keybindings: ['vim'],
|
|
431
|
+
},
|
|
432
|
+
});
|
|
433
|
+
}
|
|
434
|
+
catch (err) {
|
|
435
|
+
if (err instanceof Error && err.name === 'ExitPromptError') {
|
|
441
436
|
globalInfo('Audit fix canceled');
|
|
442
437
|
process.exit(0);
|
|
443
|
-
}
|
|
444
|
-
|
|
445
|
-
|
|
438
|
+
}
|
|
439
|
+
throw err;
|
|
440
|
+
}
|
|
441
|
+
const selectedKeySet = new Set(selectedKeys);
|
|
446
442
|
const selectedAdvisories = Object.fromEntries(Object.entries(auditReport.advisories)
|
|
447
|
-
.filter(([, advisory]) =>
|
|
443
|
+
.filter(([, advisory]) => selectedKeySet.has(`${advisory.module_name}@${advisory.vulnerable_versions}`)));
|
|
448
444
|
return { ...auditReport, advisories: selectedAdvisories };
|
|
449
445
|
}
|
|
450
446
|
//# sourceMappingURL=audit.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/deps.compliance.commands",
|
|
3
|
-
"version": "1101.
|
|
3
|
+
"version": "1101.3.0",
|
|
4
4
|
"description": "pnpm commands for audit, licenses, and sbom",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -27,44 +27,43 @@
|
|
|
27
27
|
"!*.map"
|
|
28
28
|
],
|
|
29
29
|
"dependencies": {
|
|
30
|
+
"@inquirer/prompts": "^8.4.3",
|
|
30
31
|
"@zkochan/table": "^2.0.1",
|
|
31
32
|
"chalk": "^5.6.2",
|
|
32
|
-
"enquirer": "^2.4.1",
|
|
33
33
|
"memoize": "^10.2.0",
|
|
34
34
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
35
35
|
"render-help": "^2.0.0",
|
|
36
36
|
"semver": "^7.8.1",
|
|
37
37
|
"@pnpm/cli.command": "1100.0.1",
|
|
38
38
|
"@pnpm/cli.common-cli-options-help": "1100.0.1",
|
|
39
|
+
"@pnpm/cli.utils": "1101.0.8",
|
|
39
40
|
"@pnpm/cli.meta": "1100.0.5",
|
|
40
|
-
"@pnpm/config.
|
|
41
|
+
"@pnpm/config.pick-registry-for-package": "1100.0.6",
|
|
42
|
+
"@pnpm/config.reader": "1101.5.0",
|
|
41
43
|
"@pnpm/config.writer": "1100.0.10",
|
|
42
|
-
"@pnpm/deps.compliance.audit": "1101.0.10",
|
|
43
44
|
"@pnpm/constants": "1100.0.0",
|
|
45
|
+
"@pnpm/deps.compliance.audit": "1101.0.11",
|
|
44
46
|
"@pnpm/deps.compliance.license-resolver": "1100.0.0",
|
|
45
|
-
"@pnpm/config.pick-registry-for-package": "1100.0.6",
|
|
46
|
-
"@pnpm/deps.compliance.sbom": "1100.1.5",
|
|
47
47
|
"@pnpm/deps.compliance.license-scanner": "1100.0.15",
|
|
48
|
+
"@pnpm/deps.compliance.sbom": "1100.1.5",
|
|
49
|
+
"@pnpm/deps.security.signatures": "1101.1.5",
|
|
48
50
|
"@pnpm/error": "1100.0.0",
|
|
49
|
-
"@pnpm/installing.commands": "1100.6.0",
|
|
50
|
-
"@pnpm/deps.security.signatures": "1101.1.4",
|
|
51
51
|
"@pnpm/lockfile.fs": "1100.1.2",
|
|
52
52
|
"@pnpm/lockfile.types": "1100.0.8",
|
|
53
|
-
"@pnpm/
|
|
53
|
+
"@pnpm/installing.commands": "1100.7.0",
|
|
54
|
+
"@pnpm/lockfile.utils": "1100.0.10",
|
|
54
55
|
"@pnpm/lockfile.walker": "1100.0.8",
|
|
55
56
|
"@pnpm/network.auth-header": "1101.0.0",
|
|
56
|
-
"@pnpm/object.key-sorting": "1100.0.0",
|
|
57
57
|
"@pnpm/store.path": "1100.0.1",
|
|
58
|
+
"@pnpm/object.key-sorting": "1100.0.0",
|
|
58
59
|
"@pnpm/types": "1101.2.0",
|
|
59
|
-
"@pnpm/workspace.project-manifest-reader": "1100.0.9"
|
|
60
|
-
"@pnpm/lockfile.utils": "1100.0.10"
|
|
60
|
+
"@pnpm/workspace.project-manifest-reader": "1100.0.9"
|
|
61
61
|
},
|
|
62
62
|
"peerDependencies": {
|
|
63
63
|
"@pnpm/logger": "^1001.0.1"
|
|
64
64
|
},
|
|
65
65
|
"devDependencies": {
|
|
66
66
|
"@jest/globals": "30.3.0",
|
|
67
|
-
"@pnpm/registry-mock": "6.0.0",
|
|
68
67
|
"@types/ramda": "0.31.1",
|
|
69
68
|
"@types/semver": "7.7.1",
|
|
70
69
|
"@types/zkochan__table": "npm:@types/table@6.0.0",
|
|
@@ -72,15 +71,15 @@
|
|
|
72
71
|
"nock": "13.3.4",
|
|
73
72
|
"read-yaml-file": "^3.0.0",
|
|
74
73
|
"tempy": "3.0.0",
|
|
74
|
+
"@pnpm/deps.compliance.commands": "1101.3.0",
|
|
75
75
|
"@pnpm/logger": "1100.0.0",
|
|
76
76
|
"@pnpm/pkg-manifest.reader": "1100.0.5",
|
|
77
|
-
"@pnpm/prepare": "1100.0.
|
|
77
|
+
"@pnpm/prepare": "1100.0.12",
|
|
78
78
|
"@pnpm/test-fixtures": "1100.0.0",
|
|
79
|
-
"@pnpm/testing.
|
|
80
|
-
"@pnpm/testing.
|
|
81
|
-
"@pnpm/
|
|
82
|
-
"@pnpm/
|
|
83
|
-
"@pnpm/deps.compliance.commands": "1101.2.8"
|
|
79
|
+
"@pnpm/testing.command-defaults": "1100.0.2",
|
|
80
|
+
"@pnpm/testing.mock-agent": "1100.0.8",
|
|
81
|
+
"@pnpm/testing.registry-mock": "1100.0.2",
|
|
82
|
+
"@pnpm/workspace.projects-filter": "1100.0.17"
|
|
84
83
|
},
|
|
85
84
|
"engines": {
|
|
86
85
|
"node": ">=22.13"
|