xusl
/
pfr


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
							// pass in an arborist object, and it'll output the data about what
// was done, what was audited, etc.
//
// added ## packages, removed ## packages, and audited ## packages in 19.157s
//
// 1 package is looking for funding
//   run `npm fund` for details
//
// found 37 vulnerabilities (5 low, 7 moderate, 25 high)
//   run `npm audit fix` to fix them, or `npm audit` for details

const log = require('npmlog')
const { depth } = require('treeverse')
const ms = require('ms')
const auditReport = require('npm-audit-report')
const { readTree: getFundingInfo } = require('libnpmfund')
const auditError = require('./audit-error.js')

// TODO: output JSON if flatOptions.json is true
const reifyOutput = (npm, arb) => {
  const { diff, actualTree } = arb

  // note: fails and crashes if we're running audit fix and there was an error
  // which is a good thing, because there's no point printing all this other
  // stuff in that case!
  const auditReport = auditError(npm, arb.auditReport) ? null : arb.auditReport

  // don't print any info in --silent mode, but we still need to
  // set the exitCode properly from the audit report, if we have one.
  if (log.levels[log.level] > log.levels.error) {
    getAuditReport(npm, auditReport)
    return
  }

  const summary = {
    added: 0,
    removed: 0,
    changed: 0,
    audited: auditReport && !auditReport.error ? actualTree.inventory.size : 0,
    funding: 0,
  }

  if (diff) {
    depth({
      tree: diff,
      visit: d => {
        switch (d.action) {
          case 'REMOVE':
            summary.removed++
            break
          case 'ADD':
            actualTree.inventory.has(d.ideal) && summary.added++
            break
          case 'CHANGE':
            summary.changed++
            break
          default:
            return
        }
        const node = d.actual || d.ideal
        log.silly(d.action, node.location)
      },
      getChildren: d => d.children,
    })
  }

  if (npm.flatOptions.fund) {
    const fundingInfo = getFundingInfo(actualTree, { countOnly: true })
    summary.funding = fundingInfo.length
  }

  if (npm.flatOptions.json) {
    if (auditReport) {
      // call this to set the exit code properly
      getAuditReport(npm, auditReport)
      summary.audit = npm.command === 'audit' ? auditReport
        : auditReport.toJSON().metadata
    }
    npm.output(JSON.stringify(summary, 0, 2))
  } else {
    packagesChangedMessage(npm, summary)
    packagesFundingMessage(npm, summary)
    printAuditReport(npm, auditReport)
  }
}

// if we're running `npm audit fix`, then we print the full audit report
// at the end if there's still stuff, because it's silly for `npm audit`
// to tell you to run `npm audit` for details.  otherwise, use the summary
// report.  if we get here, we know it's not quiet or json.
// If the loglevel is set higher than 'error', then we just run the report
// to get the exitCode set appropriately.
const printAuditReport = (npm, report) => {
  const res = getAuditReport(npm, report)
  if (!res || !res.report)
    return
  npm.output(`\n${res.report}`)
}

const getAuditReport = (npm, report) => {
  if (!report)
    return

  // when in silent mode, we print nothing.  the JSON output is
  // going to just JSON.stringify() the report object.
  const reporter = log.levels[log.level] > log.levels.error ? 'quiet'
    : npm.flatOptions.json ? 'quiet'
    : npm.command !== 'audit' ? 'install'
    : 'detail'
  const defaultAuditLevel = npm.command !== 'audit' ? 'none' : 'low'
  const auditLevel = npm.flatOptions.auditLevel || defaultAuditLevel

  const res = auditReport(report, {
    reporter,
    ...npm.flatOptions,
    auditLevel,
  })
  if (npm.command === 'audit')
    process.exitCode = process.exitCode || res.exitCode
  return res
}

const packagesChangedMessage = (npm, { added, removed, changed, audited }) => {
  const msg = ['\n']
  if (added === 0 && removed === 0 && changed === 0) {
    msg.push('up to date')
    if (audited)
      msg.push(', ')
  } else {
    if (added)
      msg.push(`added ${added} package${added === 1 ? '' : 's'}`)

    if (removed) {
      if (added)
        msg.push(', ')

      if (added && !audited && !changed)
        msg.push('and ')

      msg.push(`removed ${removed} package${removed === 1 ? '' : 's'}`)
    }
    if (changed) {
      if (added || removed)
        msg.push(', ')

      if (!audited && (added || removed))
        msg.push('and ')

      msg.push(`changed ${changed} package${changed === 1 ? '' : 's'}`)
    }
    if (audited)
      msg.push(', and ')
  }
  if (audited)
    msg.push(`audited ${audited} package${audited === 1 ? '' : 's'}`)

  msg.push(` in ${ms(Date.now() - npm.started)}`)
  npm.output(msg.join(''))
}

const packagesFundingMessage = (npm, { funding }) => {
  if (!funding)
    return

  npm.output('')
  const pkg = funding === 1 ? 'package' : 'packages'
  const is = funding === 1 ? 'is' : 'are'
  npm.output(`${funding} ${pkg} ${is} looking for funding`)
  npm.output('  run `npm fund` for details')
}

module.exports = reifyOutput