feat(registry): Add support for specifying registry

IBM · Jan 27, 2019 · 0e8a36a · 0e8a36a
1 parent 9c72c7f
commit 0e8a36a
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -77,6 +77,7 @@ before_install:
 | -r   | --report          | Shows the `npm audit --json` report (default `true`)                              |
 | -a   | --advisories      | Vulnerable advisory ids to whitelist from preventing integration (default `none`) |
 | -w   | --whitelist       | Vulnerable modules to whitelist from preventing integration (default `none`)      |
+|      | --registry        | The registry to resolve packages by name and version (default to unspecified)     |
 |      | --config          | Path to JSON config file                                                          |
 
 ### (_Optional_) Config file specification
@@ -134,7 +135,8 @@ audit-ci
   "low": true,
   "package-manager": "auto",
   "advisories": [100, 101],
-  "whitelist": ["example1", "example2"]
+  "whitelist": ["example1", "example2"],
+  "registry": "https://registry.npmjs.org"
 }
 ```
 

diff --git a/lib/audit-ci.js b/lib/audit-ci.js
@@ -57,6 +57,11 @@ const { argv } = yargs
       describe: 'Whitelisted module names',
       type: 'array',
     },
+    registry: {
+      default: undefined,
+      describe: 'The registry to resolve packages by name and version',
+      type: 'string',
+    },
   })
   .help('help');
 

diff --git a/lib/npm-auditer.js b/lib/npm-auditer.js
@@ -67,8 +67,11 @@ function reportAudit(npmAudit, config) {
   return npmAudit;
 }
 
-function runNpmAudit(callback) {
-  childProcess.exec('npm audit --json', (_error, stdout, stderr) => {
+function runNpmAudit(registry, callback) {
+  const command = registry
+    ? `npm audit --json --registry ${registry}`
+    : 'npm audit --json';
+  childProcess.exec(command, (_error, stdout, stderr) => {
     if (stderr) {
       callback(new Error(stderr), null);
       return;
@@ -82,16 +85,17 @@ function runNpmAudit(callback) {
 /**
  * Audit your NPM project!
  *
- * @param {{report: boolean, whitelist: string[], advisories: string[], levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
+ * @param {{report: boolean, whitelist: string[], advisories: string[], registry: string, levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
  * `report`: whether to show the NPM audit report in the console.
  * `whitelist`: a list of packages that should not break the build if their vulnerability is found.
  * `advisories`: a list of advisory ids that should not break the build if found.
+ * `registry`: the registry to resolve packages by name and version.
  * `levels`: the vulnerability levels to fail on, if `moderate` is set `true`, `high` and `critical` should be as well.
  * @returns {Promise<any>} Returns the audit report on resolve, `Error` on rejection.
  */
 function audit(config) {
   return new Promise((resolve, reject) => {
-    runNpmAudit((err, result) => {
+    runNpmAudit(config.registry, (err, result) => {
       if (err) {
         reject(err);
         return;

diff --git a/lib/yarn-auditer.js b/lib/yarn-auditer.js
@@ -22,12 +22,13 @@ function yarnSupportsAudit(yarnVersion) {
 }
 
 /**
- * Audit your NPM project!
+ * Audit your Yarn project!
  *
- * @param {{report: boolean, whitelist: string[], advisories: string[], levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
+ * @param {{report: boolean, whitelist: string[], advisories: string[], registry: string, levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
  * `report`: whether to show the NPM audit report in the console.
  * `whitelist`: a list of packages that should not break the build if their vulnerability is found.
  * `advisories`: a list of advisory ids that should not break the build if found.
+ * `registry`: the registry to resolve packages by name and version.
  * `levels`: the vulnerability levels to fail on, if `moderate` is set `true`, `high` and `critical` should be as well.
  * @returns {Promise<none>} Returns nothing on resolve, `Error` on rejection.
  */
@@ -42,10 +43,13 @@ function audit(config) {
         )
       );
     }
+    const { advisories, levels, registry, report, whitelist } = config;
+    const args = ['audit', '--json'];
+    if (registry) {
+      args.push('--registry', registry);
+    }
+    const proc = spawn('yarn', args);
 
-    const proc = spawn('yarn', ['audit', '--json']);
-
-    const { advisories, levels, report, whitelist } = config;
     if (whitelist.length) {
       console.log(`Modules to whitelist: ${whitelist.join(', ')}.`);
     }