deps: npm-audit-report@3.0.0

 * properly track which vuln was printed to remove duplicates

Author: wraithgar

node_modules/npm-audit-report/lib/colors.js

@@ -19,6 +19,6 @@ module.exports = color => {
     magenta,
     yellow,
     white,
-    severity
+    severity,
   }
 }

node_modules/npm-audit-report/lib/exit-code.js

@@ -5,7 +5,7 @@ const severities = new Map(Object.entries([
   'moderate',
   'high',
   'critical',
-  'none'
+  'none',
 ]).map(s => s.reverse()))
 
 module.exports = (data, level) =>

node_modules/npm-audit-report/lib/index.js

@@ -4,7 +4,7 @@ const reporters = {
   install: require('./reporters/install'),
   detail: require('./reporters/detail'),
   json: require('./reporters/json'),
-  quiet: require('./reporters/quiet')
+  quiet: require('./reporters/quiet'),
 }
 
 const exitCode = require('./exit-code.js')
@@ -20,20 +20,22 @@ module.exports = Object.assign((data, options = {}) => {
   // CLI defaults this to `null` so the defaulting method above doesn't work
   const auditLevel = options.auditLevel || 'low'
 
-  if (!data)
+  if (!data) {
     throw Object.assign(
       new TypeError('ENOAUDITDATA'),
       {
         code: 'ENOAUDITDATA',
-        message: 'missing audit data'
+        message: 'missing audit data',
       }
     )
+  }
 
-  if (typeof data.toJSON === 'function')
+  if (typeof data.toJSON === 'function') {
     data = data.toJSON()
+  }
 
   return {
     report: reporters[reporter](data, { color, unicode, indent }),
-    exitCode: exitCode(data, auditLevel)
+    exitCode: exitCode(data, auditLevel),
   }
 }, { reporters })

node_modules/npm-audit-report/lib/reporters/detail.js

@@ -6,28 +6,30 @@ const install = require('./install.js')
 module.exports = (data, { color }) => {
   const summary = install.summary(data, { color })
   const none = data.metadata.vulnerabilities.total === 0
-  return none ? summary : fullReport(data, {color, summary})
+  return none ? summary : fullReport(data, { color, summary })
 }
 
 const fullReport = (data, { color, summary }) => {
   const c = colors(color)
   const output = [c.white('# npm audit report'), '']
 
   const printed = new Set()
-  for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
+  for (const [, vuln] of Object.entries(data.vulnerabilities)) {
     // only print starting from the top-level advisories
-    if (vuln.via.filter(v => typeof v !== 'string').length !== 0)
-      output.push(printVuln(vuln, c, data.vulnerabilities))
+    if (vuln.via.filter(v => typeof v !== 'string').length !== 0) {
+      output.push(printVuln(vuln, c, data.vulnerabilities, printed))
+    }
   }
 
   output.push(summary)
 
   return output.join('\n')
 }
 
-const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') => {
-  if (printed.has(vuln))
+const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
+  if (printed.has(vuln)) {
     return null
+  }
 
   printed.add(vuln)
   const output = []
@@ -59,7 +61,7 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') =
           `${c.yellow('fix available')} via \`npm audit fix --force\``,
           `Will install ${fa.name}@${fa.version}` +
           `, which is ${fa.isSemVerMajor ? 'a breaking change' :
-            'outside the stated dependency range' }`
+            'outside the stated dependency range'}`
         )
       }
     }
@@ -70,10 +72,10 @@ const printVuln = (vuln, c, vulnerabilities, printed = new Set(), indent = '') =
   }
 
   for (const effect of vuln.effects) {
-    const vuln = vulnerabilities[effect]
-    const e = printVuln(vuln, c, vulnerabilities, printed, '  ')
-    if (e)
+    const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, '  ')
+    if (e) {
       output.push(...e.split('\n'))
+    }
   }
 
   if (indent === '') {

node_modules/npm-audit-report/lib/reporters/install.js

@@ -3,7 +3,7 @@ const colors = require('../colors.js')
 const calculate = (data, { color }) => {
   const c = colors(color)
   const output = []
-  const { metadata: { vulnerabilities }} = data
+  const { metadata: { vulnerabilities } } = data
   const vulnCount = vulnerabilities.total
 
   let someFixable = false
@@ -14,7 +14,7 @@ const calculate = (data, { color }) => {
   if (vulnCount === 0) {
     output.push(`found ${c.green('0')} vulnerabilities`)
   } else {
-    for (const [name, vuln] of Object.entries(data.vulnerabilities)) {
+    for (const [, vuln] of Object.entries(data.vulnerabilities)) {
       const { fixAvailable } = vuln
       someFixable = someFixable || fixAvailable === true
       someUnfixable = someUnfixable || fixAvailable === false
@@ -45,7 +45,7 @@ const calculate = (data, { color }) => {
     if (someFixable) {
       output.push('', 'To address ' +
         (someForceFixable || someUnfixable ? 'issues that do not require attention'
-          : 'all issues') + ', run:\n  npm audit fix')
+        : 'all issues') + ', run:\n  npm audit fix')
     }
 
     if (someForceFixable) {
@@ -66,10 +66,10 @@ const calculate = (data, { color }) => {
   return {
     summary,
     report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
-      : summary
+    : summary,
   }
 }
 
 module.exports = Object.assign((data, opt) => calculate(data, opt).report, {
-  summary: (data, opt) => calculate(data, opt).summary
+  summary: (data, opt) => calculate(data, opt).summary,
 })

node_modules/npm-audit-report/package.json

@@ -1,14 +1,19 @@
 {
   "name": "npm-audit-report",
-  "version": "2.1.5",
+  "version": "3.0.0",
   "description": "Given a response from the npm security api, render it into a variety of security reports",
   "main": "lib/index.js",
   "scripts": {
     "test": "tap",
     "snap": "tap",
     "preversion": "npm test",
     "postversion": "npm publish",
-    "prepublishOnly": "git push origin --follow-tags"
+    "prepublishOnly": "git push origin --follow-tags",
+    "lint": "eslint \"**/*.js\"",
+    "postlint": "template-oss-check",
+    "template-oss-apply": "template-oss-apply --force",
+    "lintfix": "npm run lint -- --fix",
+    "posttest": "npm run lint"
   },
   "tap": {
     "check-coverage": true,
@@ -20,33 +25,39 @@
     "report",
     "audit"
   ],
-  "author": "Adam Baldwin",
+  "author": "GitHub Inc.",
   "license": "ISC",
   "dependencies": {
     "chalk": "^4.0.0"
   },
   "devDependencies": {
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.1.2",
     "require-inject": "^1.4.4",
-    "tap": "^14.10.7"
+    "tap": "^16.0.0"
   },
   "directories": {
     "lib": "lib",
     "test": "test"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/npm/npm-audit-report.git"
+    "url": "https://github.com/npm/npm-audit-report.git"
   },
   "bugs": {
     "url": "https://github.com/npm/npm-audit-report/issues"
   },
   "homepage": "https://github.com/npm/npm-audit-report#readme",
   "files": [
-    "index.js",
-    "lib",
+    "bin/",
+    "lib/",
     "reporters"
   ],
   "engines": {
-    "node": ">=10"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+  },
+  "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "3.1.2"
   }
 }

package-lock.json

@@ -132,7 +132,7 @@
         "ms": "^2.1.2",
         "node-gyp": "^9.0.0",
         "nopt": "^5.0.0",
-        "npm-audit-report": "^2.1.5",
+        "npm-audit-report": "^3.0.0",
         "npm-install-checks": "^4.0.0",
         "npm-package-arg": "^9.0.1",
         "npm-pick-manifest": "^7.0.0",
@@ -5325,15 +5325,15 @@
       }
     },
     "node_modules/npm-audit-report": {
-      "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz",
-      "integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz",
+      "integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==",
       "inBundle": true,
       "dependencies": {
         "chalk": "^4.0.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
       }
     },
     "node_modules/npm-bundled": {
@@ -14812,9 +14812,9 @@
       "dev": true
     },
     "npm-audit-report": {
-      "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-2.1.5.tgz",
-      "integrity": "sha512-YB8qOoEmBhUH1UJgh1xFAv7Jg1d+xoNhsDYiFQlEFThEBui0W1vIz2ZK6FVg4WZjwEdl7uBQlm1jy3MUfyHeEw==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-3.0.0.tgz",
+      "integrity": "sha512-tWQzfbwz1sc4244Bx2BVELw0EmZlCsCF0X93RDcmmwhonCsPMoEviYsi+32R+mdRvOWXolPce9zo64n2xgPESw==",
       "requires": {
         "chalk": "^4.0.0"
       }

package.json

@@ -99,7 +99,7 @@
     "ms": "^2.1.2",
     "node-gyp": "^9.0.0",
     "nopt": "^5.0.0",
-    "npm-audit-report": "^2.1.5",
+    "npm-audit-report": "^3.0.0",
     "npm-install-checks": "^4.0.0",
     "npm-package-arg": "^9.0.1",
     "npm-pick-manifest": "^7.0.0",