REDROOM
PHP 8.2.31
Preview: audit.js Size: 3.17 KB
/proc/self/root/opt/alt/alt-nodejs24/root/lib/node_modules/npm/lib/commands/audit.js
const npmAuditReport = require('npm-audit-report')
const ArboristWorkspaceCmd = require('../arborist-cmd.js')
const auditError = require('../utils/audit-error.js')
const { log, output } = require('proc-log')
const reifyFinish = require('../utils/reify-finish.js')
const VerifySignatures = require('../utils/verify-signatures.js')

class Audit extends ArboristWorkspaceCmd {
  static description = 'Run a security audit'
  static name = 'audit'
  static params = [
    'audit-level',
    'dry-run',
    'force',
    'json',
    'package-lock-only',
    'package-lock',
    'omit',
    'include',
    'foreground-scripts',
    'ignore-scripts',
    'include-attestations',
    ...super.params,
  ]

  static usage = ['[fix|signatures]']

  static async completion (opts) {
    const argv = opts.conf.argv.remain

    if (argv.length === 2) {
      return ['fix', 'signatures']
    }

    switch (argv[2]) {
      case 'fix':
      case 'signatures':
        return []
      default:
        throw Object.assign(new Error(`${argv[2]} not recognized`), {
          code: 'EUSAGE',
        })
    }
  }

  async exec (args) {
    if (args[0] === 'signatures') {
      await this.auditSignatures()
    } else {
      await this.auditAdvisories(args)
    }
  }

  async auditAdvisories (args) {
    const fix = args[0] === 'fix'
    if (this.npm.config.get('package-lock') === false && fix) {
      throw this.usageError('fix cannot be used without a package-lock')
    }
    const reporter = this.npm.config.get('json') ? 'json' : 'detail'
    const Arborist = require('@npmcli/arborist')
    const opts = {
      ...this.npm.flatOptions,
      audit: true,
      path: this.npm.prefix,
      reporter,
      workspaces: this.workspaceNames,
    }

    const arb = new Arborist(opts)
    await arb.audit({ fix })
    if (fix) {
      await reifyFinish(this.npm, arb)
    } else {
      // will throw if there's an error, because this is an audit command
      auditError(this.npm, arb.auditReport)
      const result = npmAuditReport(arb.auditReport, {
        ...opts,
        chalk: this.npm.chalk,
      })
      process.exitCode = process.exitCode || result.exitCode
      output.standard(result.report)
    }
  }

  async auditSignatures () {
    if (this.npm.global) {
      throw Object.assign(
        new Error('`npm audit signatures` does not support global packages'), {
          code: 'EAUDITGLOBAL',
        }
      )
    }

    log.verbose('audit', 'loading installed dependencies')
    const Arborist = require('@npmcli/arborist')
    const opts = {
      ...this.npm.flatOptions,
      path: this.npm.prefix,
      workspaces: this.workspaceNames,
    }

    const arb = new Arborist(opts)
    const tree = await arb.loadActual()
    let filterSet = new Set()
    if (opts.workspaces && opts.workspaces.length) {
      filterSet =
        arb.workspaceDependencySet(
          tree,
          opts.workspaces,
          this.npm.flatOptions.includeWorkspaceRoot
        )
    } else if (!this.npm.flatOptions.workspacesEnabled) {
      filterSet =
        arb.excludeWorkspacesDependencySet(tree)
    }

    const verify = new VerifySignatures(tree, filterSet, this.npm, { ...opts })
    await verify.run()
  }
}

module.exports = Audit

Directory Contents

Dirs: 1 × Files: 67
Name Size Perms Modified Actions
trust DIR
- drwxr-xr-x 2026-05-14 21:13:30
Edit Download
access.js
6.17 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
adduser.js
1.29 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
audit.js
3.17 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
bugs.js
847 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
cache.js
11.48 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
ci.js
4.24 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
completion.js
10.83 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
config.js
11.48 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
dedupe.js
1.42 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
deprecate.js
2.43 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
diff.js
7.92 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
dist-tag.js
5.50 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
docs.js
449 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
doctor.js
9.99 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
edit.js
1.72 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
exec.js
3.39 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
explain.js
3.55 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
explore.js
2.11 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
find-dupes.js
578 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
fund.js
6.38 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
get.js
538 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
help-search.js
5.53 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
help.js
3.64 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
init.js
7.02 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
install-ci-test.js
308 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
install-test.js
303 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
install.js
5.10 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
link.js
5.24 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
ll.js
234 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
login.js
1.29 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
logout.js
1.42 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
ls.js
18.03 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
org.js
3.96 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
outdated.js
7.92 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
owner.js
5.95 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
pack.js
2.77 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
ping.js
873 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
pkg.js
3.58 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
prefix.js
309 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
profile.js
10.30 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
prune.js
770 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
publish.js
9.47 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
query.js
3.75 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
rebuild.js
2.15 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
repo.js
1.24 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
restart.js
303 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
root.js
295 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
run.js
6.27 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
sbom.js
4.47 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
search.js
1.83 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
set.js
632 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
shrinkwrap.js
2.63 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
star.js
1.88 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
stars.js
1.03 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
start.js
293 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
stop.js
288 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
team.js
4.33 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
test.js
288 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
token.js
7.96 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
undeprecate.js
302 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
uninstall.js
1.49 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
unpublish.js
5.24 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
unstar.js
183 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
update.js
1.69 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
version.js
3.54 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
view.js
13.48 KB lrw-r--r-- 2026-04-24 15:56:02
Edit Download
whoami.js
527 B lrw-r--r-- 2026-04-24 15:56:02
Edit Download
If ZipArchive is unavailable, a .tar will be created (no compression).