From f2f64ed472b329d6df89a720115ab1253a1b8610 Mon Sep 17 00:00:00 2001
From: Quinn Turner
Date: Tue, 5 Mar 2019 20:19:19 -0500
Subject: [PATCH] feat(registry): Warn the user that yarn audit --registry is unsupported

---
 lib/yarn-auditer.js | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/lib/yarn-auditer.js b/lib/yarn-auditer.js
index 471e7aba..bc81a8c8 100644
--- a/lib/yarn-auditer.js
+++ b/lib/yarn-auditer.js
@@ -9,6 +9,12 @@ const { reportAudit, runProgram } = require('./common');
 const Model = require('./Model');
 const MINIMUM_YARN_VERSION = '1.12.3';
 
+/**
+ * Change this to the appropriate version when
+ * yarn audit --registry is supported:
+ * @see https://github.com/yarnpkg/yarn/issues/7012
+ */
+const MINIMUM_YARN_AUDIT_REGISTRY_VERSION = '99.99.99';
 function getYarnVersion() {
   const version = childProcess
@@ -22,20 +28,25 @@ function yarnSupportsAudit(yarnVersion) {
   return semver.gte(yarnVersion, MINIMUM_YARN_VERSION);
 }
 
+function yarnAuditSupportsRegistry(yarnVersion) {
+  return semver.gte(yarnVersion, MINIMUM_YARN_AUDIT_REGISTRY_VERSION);
+}
+
 /**
  * Audit your Yarn project!
  *
- * @param {{directory: string, report: { full?: boolean, summary?: boolean }, whitelist: string[], advisories: string[], levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
+ * @param {{directory: string, report: { full?: boolean, summary?: boolean }, whitelist: string[], advisories: string[], registry: string, levels: { low: boolean, moderate: boolean, high: boolean, critical: boolean }}} config
  * `directory`: the directory containing the package.json to audit.
  * `report`: report level: `full` for full report, `summary` for summary
  * `whitelist`: a list of packages that should not break the build if their vulnerability is found.
  * `advisories`: a list of advisory ids that should not break the build if found.
+ * `registry`: the registry to resolve packages by name and version.
  * `levels`: the vulnerability levels to fail on, if `moderate` is set `true`, `high` and `critical` should be as well.
  * @returns {Promise} Returns the audit report summary on resolve, `Error` on rejection.
  */
 function audit(config, reporter = reportAudit) {
   return Promise.resolve().then(() => {
-    const { report, whitelist } = config;
+    const { registry, report, whitelist } = config;
     let missingLockFile = false;
     const model = new Model(config);
 
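Review bot: The new `@param` type declares `registry: string` as a required field, but the value is only consumed behind an `if (registry)` guard in the third hunk, so callers that omit it are valid; the type should read `registry?: string` and the description line should say so, e.g. `` * `registry`: optional; the registry to resolve packages by name and version. ``. `yarnAuditSupportsRegistry` also has no doc comment, unlike the `audit` function it sits next to; a one-line JSDoc such as `/** Whether this yarn version accepts --registry on yarn audit; compares against MINIMUM_YARN_AUDIT_REGISTRY_VERSION, which is a placeholder until upstream support lands. */` would make the always-false check legible to the next reader. `audit`'s body continues past the end of this hunk.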
@@ -90,6 +101,17 @@ function audit(config, reporter = reportAudit) {
     }
     const options = { cwd: config.directory };
     const args = ['audit', '--json'];
+    if (registry) {
+      const auditRegistrySupported = yarnAuditSupportsRegistry(yarnVersion);
+      if (auditRegistrySupported) {
+        args.push('--registry', registry);
+      } else {
+        console.warn(
+          '\x1b[33m%s\x1b[0m',
+          'Yarn audit does not support the registry flag yet.'
+        );
+      }
+    }
     return runProgram('yarn', args, options, outListener, errListener).then(
       () => {
         if (missingLockFile) {
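Review bot: When `registry` is set but the installed yarn predates support, the audit still runs against yarn's default registry, and the warning on the `else` branch names neither the registry that was dropped nor the fallback, so a user who pointed the tool at a private mirror gets advisories for a registry they may not actually resolve from. At minimum make the message concrete, `` `Yarn audit does not support the registry flag yet; ignoring registry ${registry} and auditing against the default registry.` ``, and consider whether a configured-but-unusable registry should reject the run rather than warn, since `console.warn` bypasses `reporter` and the listeners and is easy to miss in CI output. `yarnVersion` is read here but defined earlier in `audit`, whose body starts and ends outside this hunk. Whether `runProgram` spawns yarn without a shell is not visible here; if it goes through one, the `registry` value pushed into `args` would need quoting.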