Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

Commit

Permalink
default audit severity=high, vulnerable_versions=*
Browse files Browse the repository at this point in the history
Fix: npm/cli#1875
Related: npm/metavuln-calculator#4

PR-URL: #230
Credit: @isaacs
Close: #230
Reviewed-by: @ruyadorno
  • Loading branch information
isaacs committed Feb 18, 2021
1 parent 7d5cb3d commit d407da7
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/audit-report.js
Original file line number Diff line number Diff line change
Expand Up @@ -268,8 +268,8 @@ class AuditReport extends Map {
id,
url,
title,
severity,
vulnerable_versions,
severity = 'high',
vulnerable_versions = '*',
module_name: name,
} = advisory
bulk[name] = bulk[name] || []
Expand Down
37 changes: 37 additions & 0 deletions test/audit-report.js
Original file line number Diff line number Diff line change
Expand Up @@ -365,3 +365,40 @@ t.test('audit when bulk report doenst have anything in it', async t => {
const { report } = await auditReport.run()
t.strictSame(report, null)
})

t.test('default severity=high, vulnerable_versions=*', async t => {
const audit = {
actions: [],
advisories: {
755: {
findings: [
{
version: '1.2.3',
paths: [
'something',
],
},
],
id: 755,
title: 'no severity or vulnerable versions',
module_name: 'something',
overview: 'should default severity=high, vulnerable_versions=*',
recommendation: "don't use this thing",
url: 'https://npmjs.com/advisories/755',
},
},
muted: [],
metadata: {
vulnerabilities: {},
dependencies: 1,
devDependencies: 0,
optionalDependencies: 0,
totalDependencies: 1,
},
runId: 'just-some-unique-identifier',
}

const bulk = auditToBulk(audit)
t.match(bulk, { something: [{ severity: 'high', vulnerable_versions: '*' }] })
t.end()
})

0 comments on commit d407da7

Please sign in to comment.