feat(registry): Warn the user that yarn audit --registry is unsupported

IBM · Mar 6, 2019 · f2f64ed · f2f64ed
1 parent 8766e00
commit f2f64ed
Showing 1 changed file with 24 additions and 2 deletions.
diff --git a/lib/yarn-auditer.js b/lib/yarn-auditer.js
@@ -9,6 +9,12 @@ const { reportAudit, runProgram } = require('./common');
 const Model = require('./Model');
 
 const MINIMUM_YARN_VERSION = '1.12.3';
+/**
+ * Change this to the appropriate version when
+ * yarn audit --registry is supported:
+ * @see https://github.com/yarnpkg/yarn/issues/7012
+ */
+const MINIMUM_YARN_AUDIT_REGISTRY_VERSION = '99.99.99';
 
 function getYarnVersion() {
   const version = childProcess
@@ -22,20 +28,25 @@ function yarnSupportsAudit(yarnVersion) {
   return semver.gte(yarnVersion, MINIMUM_YARN_VERSION);
 }
 
+function yarnAuditSupportsRegistry(yarnVersion) {
+  return semver.gte(yarnVersion, MINIMUM_YARN_AUDIT_REGISTRY_VERSION);
+}
+
 /**
  * Audit your Yarn project!
  *
- * @param {{directory: string, report: { full?: boolean, summary?: boolean }, whitelist: string[], advisories: string[], levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
+ * @param {{directory: string, report: { full?: boolean, summary?: boolean }, whitelist: string[], advisories: string[], registry: string, levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
  * `directory`: the directory containing the package.json to audit.
  * `report`: report level: `full` for full report, `summary` for summary
  * `whitelist`: a list of packages that should not break the build if their vulnerability is found.
  * `advisories`: a list of advisory ids that should not break the build if found.
+ * `registry`: the registry to resolve packages by name and version.
  * `levels`: the vulnerability levels to fail on, if `moderate` is set `true`, `high` and `critical` should be as well.
  * @returns {Promise<any>} Returns the audit report summary on resolve, `Error` on rejection.
  */
 function audit(config, reporter = reportAudit) {
   return Promise.resolve().then(() => {
-    const { report, whitelist } = config;
+    const { registry, report, whitelist } = config;
     let missingLockFile = false;
     const model = new Model(config);
 
@@ -90,6 +101,17 @@ function audit(config, reporter = reportAudit) {
     }
     const options = { cwd: config.directory };
     const args = ['audit', '--json'];
+    if (registry) {
+      const auditRegistrySupported = yarnAuditSupportsRegistry(yarnVersion);
+      if (auditRegistrySupported) {
+        args.push('--registry', registry);
+      } else {
+        console.warn(
+          '\x1b[33m%s\x1b[0m',
+          'Yarn audit does not support the registry flag yet.'
+        );
+      }
+    }
     return runProgram('yarn', args, options, outListener, errListener).then(
       () => {
         if (missingLockFile) {