feat(cli): generate report (#403)

Author: PierreDemailly

bin/index.js

@@ -94,6 +94,15 @@ prog
   .option("--vcs", i18n.getTokenSync("cli.commands.scorecard.option_vcs"), "github")
   .action(commands.scorecard.main);
 
+prog
+  .command("report [repository]")
+  .describe(i18n.getTokenSync("cli.commands.report.desc"))
+  .option("-t, --theme", i18n.getTokenSync("cli.commands.report.option_theme"), "white")
+  .option("-i, --includesAllDeps", i18n.getTokenSync("cli.commands.report.option_includesAllDeps"), true)
+  .option("-l, --title", i18n.getTokenSync("cli.commands.report.option_title"), "NodeSecure Report")
+  .option("-r, --reporters", i18n.getTokenSync("cli.commands.report.option_reporters"), ["html"])
+  .action(commands.report.main);
+
 prog
   .command("lang")
   .describe(i18n.getTokenSync("cli.commands.lang.desc"))

i18n/english.js

@@ -54,6 +54,13 @@ const cli = {
       desc: "Display the OSSF Scorecard for a given repository or the current working directory (Github only, e.g. fastify/fastify)",
       option_vcs: "Version control platform (GitHub, GitLab)"
     },
+    report: {
+      desc: "Generate a report from a package",
+      option_includesAllDeps: "Include all dependencies",
+      option_theme: "Report theme ('dark', 'light')",
+      option_title: "Report title",
+      option_reporters: "List of reporters to use: 'html', 'pdf'"
+    },
     config: {
       desc: "Edit your NodeSecure config file"
     },

i18n/french.js

@@ -54,6 +54,13 @@ const cli = {
       desc: "Afficher la fiche de score OSSF du repo donné ou du repertoire actuel (Github uniquement ex. fastify/fastify)",
       option_vcs: "Logiciel de gestion de versions (GitHub, GitLab)"
     },
+    report: {
+      desc: "Générer un rapport à partir d'un package",
+      option_includesAllDeps: "Inclure toutes les dépendances, true par défaut",
+      option_theme: "Thème du rapport ('dark', 'light'), 'light' par défaut",
+      option_title: "Titre du rapport",
+      option_reporters: "Liste des reporters à utiliser 'html', 'pdf'"
+    },
     config: {
       desc: "Modifier le fichier de configuration NodeSecure"
     },

package.json

@@ -86,7 +86,7 @@
     "@nodesecure/npm-registry-sdk": "^3.0.0",
     "@nodesecure/ossf-scorecard-sdk": "^3.2.1",
     "@nodesecure/rc": "^2.1.0",
-    "@nodesecure/report": "^1.2.1",
+    "@nodesecure/report": "^2.1.0",
     "@nodesecure/scanner": "^5.3.0",
     "@nodesecure/utils": "^2.2.0",
     "@nodesecure/vuln": "^1.7.0",

src/commands/index.js

@@ -6,3 +6,4 @@ export * as http from "./http.js";
 export * as scanner from "./scanner.js";
 export * as config from "./config.js";
 export * as scorecard from "./scorecard.js";
+export * as report from "./report.js";

src/commands/report.js

@@ -0,0 +1,78 @@
+// Import Third-party Dependencikes
+import { report } from "@nodesecure/report";
+import * as scanner from "@nodesecure/scanner";
+
+// CONSTANTS
+const kSupportedReporters = new Set(["html", "pdf"]);
+const kReportPayload = {
+  includeTransitiveInternal: false,
+  charts: [
+    {
+      name: "Extensions",
+      display: true,
+      interpolation: "d3.interpolateRainbow",
+      type: "bar"
+    },
+    {
+      name: "Licenses",
+      display: true,
+      interpolation: "d3.interpolateCool",
+      type: "bar"
+    },
+    {
+      name: "Warnings",
+      display: true,
+      type: "horizontalBar",
+      interpolation: "d3.interpolateInferno"
+    },
+    {
+      name: "Flags",
+      display: true,
+      type: "horizontalBar",
+      interpolation: "d3.interpolateSinebow"
+    }
+  ]
+};
+export async function main(repository, options) {
+  const {
+    theme,
+    includesAllDeps,
+    title,
+    reporters
+  } = options;
+
+  const [organizationPrefixOrRepo, repo] = repository.split("/");
+
+  const formattedReporters = new Set(Array.isArray(reporters) ? reporters : [reporters]);
+  for (const reporter of formattedReporters) {
+    if (!kSupportedReporters.has(reporter)) {
+      console.error(`Reporter '${reporter}' is not supported`);
+      process.exit();
+    }
+  }
+
+  const reportPayload = {
+    ...kReportPayload,
+    npm: {
+      organizationPrefix: repo === undefined ? null : organizationPrefixOrRepo,
+      packages: [repo === undefined ? organizationPrefixOrRepo : repo]
+    },
+    theme,
+    title,
+    reporters: [...formattedReporters],
+    saveOnDisk: true
+  };
+  const scannerPayload = await scanner.from(repository);
+
+  const reportPath = await report(
+    includesAllDeps ? scannerPayload.dependencies : { [repository]: scannerPayload.dependencies[repository] },
+    reportPayload,
+    {
+      reportOutputLocation: process.cwd(),
+      savePDFOnDisk: formattedReporters.has("pdf"),
+      saveHTMLOnDisk: formattedReporters.has("html")
+    }
+  );
+
+  console.log("Successfully generated report", reportPath);
+}

src/http-server/endpoints/report.js

@@ -48,7 +48,7 @@ export async function post(req, res) {
   const { title, includesAllDeps, theme } = body;
   const { dataFilePath } = context.getStore();
   const scannerPayload = JSON.parse(fs.readFileSync(dataFilePath, "utf-8"));
-  const reportPayload = kReportPayload;
+  const reportPayload = structuredClone(kReportPayload);
   const rootDependencyName = scannerPayload.rootDependencyName;
   const [organizationPrefixOrRepo, repo] = rootDependencyName.split("/");
   Object.assign(reportPayload, {
@@ -62,8 +62,8 @@ export async function post(req, res) {
 
   try {
     const data = await report(
-      reportPayload,
-      includesAllDeps ? scannerPayload.dependencies : { [rootDependencyName]: scannerPayload.dependencies[rootDependencyName] }
+      includesAllDeps ? scannerPayload.dependencies : { [rootDependencyName]: scannerPayload.dependencies[rootDependencyName] },
+      reportPayload
     );
 
     return send(res, 200, {
@@ -72,7 +72,9 @@ export async function post(req, res) {
       "Content-type": "application/pdf"
     });
   }
-  catch {
+  catch (err) {
+    console.error(err);
+
     return send(
       res,
       500