npmguard-cli 0.5.0 → 0.5.1
package/dist/audit-source.d.ts
CHANGED
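--- a/package/dist/commands/install.js
+++ b/package/dist/commands/install.js
@@ -361,8 +361,8 @@ export async function installCommand(packageSpec, auditSource, force = false) {
 else if (audit.verdict === "WARNING") {
 console.log(chalk.yellow(` WARNING (score: ${audit.score})`));
 }
-else if (audit.verdict === "CRITICAL") {
-console.log(chalk.red(`
+else if (audit.verdict === "CRITICAL" || audit.verdict === "DANGEROUS") {
+console.log(chalk.red(` DANGEROUS (score: ${audit.score})`));
 }
 if (audit.capabilities.length > 0) {
 console.log(chalk.gray(` Capabilities: ${audit.capabilities.join(", ")}`));
@@ -371,8 +371,8 @@ export async function installCommand(packageSpec, auditSource, force = false) {
 console.log(chalk.gray(` Report: ${IPFS_GATEWAY}/${audit.reportCid}`));
 }
 console.log();
-// Block CRITICAL unless --force
-if (audit.verdict === "CRITICAL" && !force) {
+// Block CRITICAL/DANGEROUS unless --force
+if ((audit.verdict === "CRITICAL" || audit.verdict === "DANGEROUS") && !force) {
 console.log(chalk.red.bold(" Installation blocked. This package has critical security issues."));
 console.log(chalk.gray(" Use --force to install anyway."));
 console.log();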
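Review bot: The install gate at new line 375 still fails open, because it blocks only the verdict strings it enumerates; any other value from the audit source (a new label, different casing, a missing field) falls through to installation. That this release had to add "DANGEROUS" suggests such a mismatch may already have let flagged packages through. Consider inverting the check so that only known-acceptable verdicts proceed, e.g. `if (!ACCEPTED_VERDICTS.has(audit.verdict) && !force) {` with the set defined once; the acceptable values are not visible in these hunks, so confirm them against the audit source's schema. The same `"CRITICAL" || "DANGEROUS"` test is duplicated at new line 364, and a single shared predicate would keep the displayed label and the gate from drifting apart. The body of installCommand starts and ends outside both hunks.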