npm-audit-report-cli 1.0.0

package/dist/cli.d.cts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/cli.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/cli.js

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+import {
+  ParseError,
+  format,
+  parse,
+  shouldFail
+} from "./chunk-L2D2NQGH.js";
+
+// src/cli.ts
+import { readFileSync, writeFileSync, existsSync } from "fs";
+var VERSION = "1.0.0";
+var VALID_FORMATS = ["markdown", "html", "sarif", "annotations"];
+var VALID_SEVERITIES = ["critical", "high", "moderate", "low", "info"];
+var VALID_FAIL_ON = ["critical", "high", "moderate", "low", "info", "none"];
+function printHelp() {
+  const help = `audit-report v${VERSION}
+
+Convert npm audit JSON to Markdown, HTML, SARIF, or GitHub annotations.
+
+Usage:
+  npm audit --json | audit-report [options]
+  audit-report --file audit.json [options]
+
+Options:
+  -f, --format <fmt>       Output format: markdown|html|sarif|annotations (default: markdown)
+  -o, --output <path>      Write to file instead of stdout
+  -s, --severity <sev>     Minimum severity to include: critical|high|moderate|low|info (default: low)
+      --fail-on <sev>      Exit 1 if findings at/above this severity: critical|high|moderate|low|info|none (default: high)
+      --file <path>        Read audit JSON from file (default: stdin)
+      --title <text>       Report title (default: "npm audit report")
+      --template <path>    Custom markdown template (reserved; not yet implemented)
+      --no-color           Disable colored output (no-op)
+  -q, --quiet              Suppress non-essential stderr output
+  -v, --version            Print version and exit
+  -h, --help               Print this help and exit
+
+Exit codes:
+  0  success, no findings at/above --fail-on threshold
+  1  findings at/above --fail-on threshold
+  2  invalid input (bad JSON, unrecognized schema)
+  3  --file not found
+`;
+  process.stdout.write(help);
+}
+function isFormat(s) {
+  return VALID_FORMATS.includes(s);
+}
+function isSeverity(s) {
+  return VALID_SEVERITIES.includes(s);
+}
+function isFailOn(s) {
+  return VALID_FAIL_ON.includes(s);
+}
+function fail(msg, code) {
+  process.stderr.write(`audit-report: ${msg}
+`);
+  process.exit(code);
+}
+function parseArgs(argv) {
+  const args = {
+    format: "markdown",
+    severity: "low",
+    failOn: "high",
+    title: "npm audit report",
+    quiet: false
+  };
+  const take = (i, flag) => {
+    const v = argv[i + 1];
+    if (v === void 0 || v.startsWith("-")) fail(`missing value for ${flag}`, 2);
+    return v;
+  };
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === void 0) continue;
+    switch (a) {
+      case "-h":
+      case "--help":
+        printHelp();
+        process.exit(0);
+        break;
+      case "-v":
+      case "--version":
+        process.stdout.write(`${VERSION}
+`);
+        process.exit(0);
+        break;
+      case "-f":
+      case "--format": {
+        const v = take(i, a);
+        if (!isFormat(v)) fail(`invalid format: ${v}`, 2);
+        args.format = v;
+        i++;
+        break;
+      }
+      case "-o":
+      case "--output":
+        args.output = take(i, a);
+        i++;
+        break;
+      case "-s":
+      case "--severity": {
+        const v = take(i, a);
+        if (!isSeverity(v)) fail(`invalid severity: ${v}`, 2);
+        args.severity = v;
+        i++;
+        break;
+      }
+      case "--fail-on": {
+        const v = take(i, a);
+        if (!isFailOn(v)) fail(`invalid fail-on: ${v}`, 2);
+        args.failOn = v;
+        i++;
+        break;
+      }
+      case "--file":
+        args.file = take(i, a);
+        i++;
+        break;
+      case "--title":
+        args.title = take(i, a);
+        i++;
+        break;
+      case "--template":
+        args.template = take(i, a);
+        i++;
+        break;
+      case "--no-color":
+        break;
+      case "-q":
+      case "--quiet":
+        args.quiet = true;
+        break;
+      default:
+        fail(`unknown argument: ${a}`, 2);
+    }
+  }
+  return args;
+}
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+  }
+  return Buffer.concat(chunks).toString("utf8");
+}
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  let input;
+  if (args.file) {
+    if (!existsSync(args.file)) fail(`file not found: ${args.file}`, 3);
+    try {
+      input = readFileSync(args.file, "utf8");
+    } catch (e) {
+      fail(`could not read file: ${args.file}`, 3);
+    }
+  } else {
+    if (process.stdin.isTTY) {
+      fail(
+        "no input. Pipe `npm audit --json` to this command or use --file <path>. Run with --help for usage.",
+        1
+      );
+    }
+    input = await readStdin();
+  }
+  let report;
+  try {
+    report = parse(input);
+  } catch (e) {
+    const msg = e instanceof ParseError ? e.message : "failed to parse input";
+    fail(msg, 2);
+  }
+  if (args.template && !args.quiet) {
+    process.stderr.write("audit-report: --template is reserved for future use and is being ignored\n");
+  }
+  const opts = {
+    format: args.format,
+    severity: args.severity,
+    failOn: args.failOn,
+    title: args.title
+  };
+  const output = format(report, opts);
+  if (args.output) {
+    writeFileSync(args.output, output, "utf8");
+  } else {
+    process.stdout.write(output);
+    if (!output.endsWith("\n")) process.stdout.write("\n");
+  }
+  if (shouldFail(report, args.failOn)) {
+    process.exit(1);
+  }
+  process.exit(0);
+}
+main().catch((e) => {
+  process.stderr.write(`audit-report: ${e instanceof Error ? e.message : String(e)}
+`);
+  process.exit(2);
+});