npmguard-cli 0.5.4 → 0.5.5
- package/dist/commands/install.js +32 -9
- package/package.json +1 -1
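--- a/package/dist/commands/install.js
+++ b/package/dist/commands/install.js
@@ -18,7 +18,7 @@ const ogGalileo = defineChain({
 });
 const IPFS_GATEWAY = "https://gateway.pinata.cloud/ipfs";
 const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
-const
+const DEFAULT_ENGINE_URL = "http://209.38.42.28:8000";
 const WALLETCONNECT_PROJECT_ID = process.env.WALLETCONNECT_PROJECT_ID ?? "d5eb170c427570e15ac00ae53acc93ba";
 const OG_RPC = "https://evmrpc-testnet.0g.ai";
 const BLOCK_EXPLORER = "https://chainscan-galileo.0g.ai";
@@ -304,21 +304,44 @@ export async function installCommand(packageSpec, auditSource, force = false) {
 return askInstallWithoutAudit(packageSpec);
 }
 }
-// Trigger audit engine
-const
-
-
+// Trigger audit engine (streaming endpoint)
+const rawApiUrl = process.env.NPMGUARD_AUDIT_API_URL ?? DEFAULT_ENGINE_URL;
+const engineBaseUrl = rawApiUrl.replace(/\/audit\/?$/, "");
+const frontendUrl = process.env.NPMGUARD_FRONTEND_URL ?? engineBaseUrl.replace(":8000", ":3000");
 const auditSpinner = ora(" Running security audit...").start();
 try {
-const
+const streamResp = await fetch(`${engineBaseUrl}/audit/stream`, {
 method: "POST",
 headers: { "Content-Type": "application/json" },
 body: JSON.stringify({ packageName, version: requestedVersion }),
 });
-if (!
-throw new Error(`Audit engine returned ${
-const
+if (!streamResp.ok)
+throw new Error(`Audit engine returned ${streamResp.status}`);
+const { auditId } = await streamResp.json();
+auditSpinner.text = " Running security audit...";
+console.log();
+console.log(chalk.cyan(` Live audit: ${frontendUrl}/audit/${auditId}`));
+console.log();
+// Poll for completion
+let result;
+const POLL_INTERVAL = 2000;
+const POLL_TIMEOUT = 5 * 60_000;
+const start = Date.now();
+while (Date.now() - start < POLL_TIMEOUT) {
+const reportResp = await fetch(`${engineBaseUrl}/audit/${auditId}/report`);
+if (reportResp.status === 202) {
+await new Promise((r) => setTimeout(r, POLL_INTERVAL));
+continue;
+}
+if (!reportResp.ok)
+throw new Error(`Audit engine returned ${reportResp.status}`);
+result = await reportResp.json();
+break;
+}
 auditSpinner.stop();
+if (!result) {
+throw new Error("Audit timed out");
+}
 console.log();
 const verdict = (result.verdict ?? "UNKNOWN").toUpperCase();
 const capabilities = result.capabilities ?? [];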
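Review bot: The new `DEFAULT_ENGINE_URL` is a plain `http://` address on a bare IP, so the report whose `result.verdict` is read right after the polling loop arrives with no transport integrity or server authentication, and anyone on the network path can alter it. The default should be an `https://` hostname, and a non-HTTPS `NPMGUARD_AUDIT_API_URL` should at least print a visible warning before the audit runs. In the second hunk `auditId` goes straight from the response body into the printed "Live audit" line and into the report URL passed to `fetch`. If ids are expected to be simple tokens, a guard such as `if (typeof auditId !== "string" || !/^[\w-]+$/.test(auditId)) throw new Error("Audit engine returned an invalid audit id");` would stop a missing or malformed id from being polled or echoed to the terminal. Neither `fetch` call has its own timeout, so a stalled connection can outlast `POLL_TIMEOUT`; the body of `installCommand` starts and ends outside the hunk, so how its `catch` handles these errors is not visible here.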