
package.json000064400000003111151701451620007030 0ustar00{
  "_id": "npm-audit-report@5.0.0",
  "_inBundle": true,
  "_location": "/npm/npm-audit-report",
  "_phantomChildren": {},
  "_requiredBy": [
    "/npm"
  ],
  "author": {
    "name": "GitHub Inc."
  },
  "bugs": {
    "url": "https://github.com/npm/npm-audit-report/issues"
  },
  "description": "Given a response from the npm security api, render it into a variety of security reports",
  "devDependencies": {
    "@npmcli/eslint-config": "^4.0.0",
    "@npmcli/template-oss": "4.14.1",
    "chalk": "^5.2.0",
    "tap": "^16.0.0"
  },
  "directories": {
    "lib": "lib",
    "test": "test"
  },
  "engines": {
    "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
  },
  "files": [
    "bin/",
    "lib/"
  ],
  "homepage": "https://github.com/npm/npm-audit-report#readme",
  "keywords": [
    "npm",
    "security",
    "report",
    "audit"
  ],
  "license": "ISC",
  "main": "lib/index.js",
  "name": "npm-audit-report",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/npm/npm-audit-report.git"
  },
  "scripts": {
    "lint": "eslint \"**/*.js\"",
    "lintfix": "npm run lint -- --fix",
    "postlint": "template-oss-check",
    "posttest": "npm run lint",
    "snap": "tap",
    "template-oss-apply": "template-oss-apply --force",
    "test": "tap"
  },
  "tap": {
    "check-coverage": true,
    "coverage-map": "map.js",
    "nyc-arg": [
      "--exclude",
      "tap-snapshots/**"
    ]
  },
  "templateOSS": {
    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
    "version": "4.14.1"
  },
  "version": "5.0.0"
}
lib/exit-code.js000064400000000643151701451630007537 0ustar00// return 1 if any vulns in the set are at or above the specified severity
// Severity name -> rank, listed from least to most severe. 'none' is ranked
// above 'critical', so no info..critical count can reach an audit level of
// 'none'. Ranks are the array indices as strings ('0'..'5'), which is what
// Object.entries() yields for an array; they compare correctly only while
// every rank stays a single digit.
const severities = new Map(
  ['info', 'low', 'moderate', 'high', 'critical', 'none']
    .map((name, rank) => [name, String(rank)])
)

module.exports = (data, level) =>
  Object.entries(data.metadata.vulnerabilities)
    .some(([sev, count]) => count > 0 && severities.has(sev) &&
      severities.get(sev) >= severities.get(level)) ? 1 : 0
lib/index.js000064400000001617151701451630006767 0ustar00'use strict'

const reporters = {
  install: require('./reporters/install'),
  detail: require('./reporters/detail'),
  json: require('./reporters/json'),
  quiet: require('./reporters/quiet'),
}

const exitCode = require('./exit-code.js')

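/**
 * Render an audit result with the selected reporter and compute the exit
 * code for the requested audit level.
 *
 * @param {object} data - audit data, or an object whose toJSON() returns it
 * @param {object} [options]
 * @param {string} [options.reporter='install'] - own key of `reporters`
 * @param {object} [options.chalk] - passed through to the reporter
 * @param {boolean} [options.unicode=true] - passed through to the reporter
 * @param {number} [options.indent=2] - passed through to the reporter
 * @param {string|null} [options.auditLevel] - any falsy value means 'low'
 * @returns {{report: *, exitCode: number}} reporter output and exit code
 * @throws {TypeError} with code ENOAUDITDATA when `data` is falsy, or a
 *   plain TypeError when `reporter` does not name a reporter function
 */
module.exports = Object.assign((data, options = {}) => {
  const {
    reporter = 'install',
    chalk,
    unicode = true,
    indent = 2,
  } = options

  // CLI defaults this to `null` so the defaulting method above doesn't work
  const auditLevel = options.auditLevel || 'low'

  if (!data) {
    throw Object.assign(
      new TypeError('ENOAUDITDATA'),
      {
        code: 'ENOAUDITDATA',
        message: 'missing audit data',
      }
    )
  }

  if (typeof data.toJSON === 'function') {
    data = data.toJSON()
  }

  // Resolve the reporter as an own property only. A bare reporters[reporter]
  // lookup also finds functions inherited from Object.prototype, so a name
  // such as 'constructor' or 'toString' would be called as if it were a
  // reporter instead of being rejected.
  const render = Object.prototype.hasOwnProperty.call(reporters, reporter)
    ? reporters[reporter]
    : undefined
  if (typeof render !== 'function') {
    throw new TypeError(`unknown audit reporter: ${String(reporter)}`)
  }

  return {
    report: render(data, { chalk, unicode, indent }),
    exitCode: exitCode(data, auditLevel),
  }
}, { reporters })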
lib/reporters/detail.js000064400000004545151701451630011152 0ustar00'use strict'

const colors = require('../colors.js')
const install = require('./install.js')

// Detail reporter: the install summary alone when the audit total is zero,
// otherwise the full per-advisory report, which ends with that summary.
module.exports = (data, options) => {
  const { chalk } = options
  const summary = install.summary(data, { chalk })
  if (data.metadata.vulnerabilities.total === 0) {
    return summary
  }
  return fullReport(data, { chalk, summary })
}

// Assemble the detailed report: a heading, one section per vulnerability
// that carries at least one advisory object in `via`, then the summary.
// Entries whose `via` holds only package names are reached through the
// `effects` of the entries printed here. printVuln() returns null for an
// entry it has already printed; join() renders that null as an empty line.
const fullReport = (data, { chalk, summary }) => {
  const c = colors(chalk)
  const seen = new Set()
  const lines = [c.white('# npm audit report'), '']

  for (const vuln of Object.values(data.vulnerabilities)) {
    const hasAdvisory = vuln.via.some(source => typeof source !== 'string')
    if (hasAdvisory) {
      lines.push(printVuln(vuln, c, data.vulnerabilities, seen))
    }
  }

  return [...lines, summary].join('\n')
}

// Render one vulnerability and, recursively, the packages it affects.
//
// Returns null when `vuln` is already in `printed`, which keeps each entry
// to a single appearance and stops cycles through `effects`. `indent` is ''
// for a top-level entry; nested entries are called with '  ' and show only
// their name, range, "depends on" lines and node paths.
const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
  if (printed.has(vuln)) {
    return null
  }
  printed.add(vuln)

  const topLevel = indent === ''
  const lines = [c.white(vuln.name) + '  ' + vuln.range]

  // The severity line is shown for every top-level severity except 'low'.
  if (topLevel && vuln.severity !== 'low') {
    lines.push(`Severity: ${c.severity(vuln.severity)}`)
  }

  for (const via of vuln.via) {
    if (typeof via === 'string') {
      lines.push(`Depends on vulnerable versions of ${c.white(via)}`)
    } else if (topLevel) {
      lines.push(`${c.white(via.title)} - ${via.url}`)
    }
  }

  if (topLevel) {
    const fix = vuln.fixAvailable
    if (fix === false) {
      lines.push(c.red('No fix available'))
    } else if (fix === true) {
      lines.push(c.green('fix available') + ' via `npm audit fix`')
    } else {
      /* istanbul ignore else - should be impossible, just being cautious */
      if (typeof fix === 'object') {
        const heading = `${c.yellow('fix available')} via \`npm audit fix --force\``
        const target = `${fix.name}@${fix.version}`
        const reason = fix.isSemVerMajor
          ? 'a breaking change'
          : 'outside the stated dependency range'
        lines.push(heading, `Will install ${target}, which is ${reason}`)
      }
    }
  }

  for (const path of vuln.nodes) {
    lines.push(c.dim(path))
  }

  for (const effect of vuln.effects) {
    const nested = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, '  ')
    if (nested) {
      // re-split so each nested line picks up this level's indent below
      lines.push(...nested.split('\n'))
    }
  }

  if (topLevel) {
    lines.push('')
  }

  return lines.map(line => `${indent}${line}`).join('\n')
}
lib/reporters/install.js000064400000004577151701451630011363 0ustar00const colors = require('../colors.js')

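/**
 * Build the install-time audit summary and the short report derived from it.
 *
 * Reads the per-severity counts and `total` from
 * data.metadata.vulnerabilities, and `fixAvailable` from every entry of
 * data.vulnerabilities (true, false, or an object describing a forced fix).
 *
 * @param {object} data - audit data
 * @param {object} options
 * @param {object} options.chalk - passed to colors()
 * @returns {{summary: string, report: string}} `report` is the summary plus
 *   a pointer to `npm audit` whenever the total is above zero
 */
const calculate = (data, { chalk }) => {
  const c = colors(chalk)
  const output = []
  const { metadata: { vulnerabilities } } = data
  const vulnCount = vulnerabilities.total

  let someFixable = false
  let someForceFixable = false
  let forceFixSemVerMajor = false
  let someUnfixable = false

  if (vulnCount === 0) {
    output.push(`found ${c.green('0')} vulnerabilities`)
  } else {
    for (const { fixAvailable } of Object.values(data.vulnerabilities)) {
      someFixable = someFixable || fixAvailable === true
      someUnfixable = someUnfixable || fixAvailable === false
      // typeof null is 'object' too; a null here is skipped rather than
      // dereferenced
      if (fixAvailable && typeof fixAvailable === 'object') {
        someForceFixable = true
        forceFixSemVerMajor = forceFixSemVerMajor || fixAvailable.isSemVerMajor
      }
    }

    // Only these four severities are itemised; `info` and `total` are not.
    const sevs = Object.entries(vulnerabilities).filter(([s, count]) =>
      ['low', 'moderate', 'high', 'critical'].includes(s) && count > 0)

    if (sevs.length > 1) {
      const severities = sevs.map(([s, count]) => {
        return `${count} ${c.severity(s)}`
      }).join(', ')
      output.push(`${c.red(vulnCount)} vulnerabilities (${severities})`)
    } else if (sevs.length === 1) {
      const [sev, count] = sevs[0]
      output.push(`${count} ${c.severity(sev)} severity vulnerabilit${count === 1 ? 'y' : 'ies'}`)
    } else {
      // A non-zero total with nothing counted at low..critical (for example
      // only `info` entries) used to throw while destructuring sevs[0].
      // Report the bare total so the findings are still surfaced.
      output.push(`${vulnCount} vulnerabilit${vulnCount === 1 ? 'y' : 'ies'}`)
    }

    // XXX use a different footer line if some aren't fixable easily.
    // just 'run `npm audit` for details' maybe?

    if (someFixable) {
      output.push('', 'To address ' +
        (someForceFixable || someUnfixable ? 'issues that do not require attention'
        : 'all issues') + ', run:\n  npm audit fix')
    }

    if (someForceFixable) {
      output.push('', 'To address all issues' +
        (someUnfixable ? ' possible' : '') +
        (forceFixSemVerMajor ? ' (including breaking changes)' : '') +
        ', run:\n  npm audit fix --force')
    }

    if (someUnfixable) {
      output.push('',
        'Some issues need review, and may require choosing',
        'a different dependency.')
    }
  }

  const summary = output.join('\n')
  return {
    summary,
    report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
    : summary,
  }
}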

// Install reporter. Calling the export returns the short report; its
// `summary` property returns the summary text without the trailing pointer
// to `npm audit`. Each call runs calculate() afresh.
module.exports = Object.assign(
  (data, opt) => {
    const { report } = calculate(data, opt)
    return report
  },
  {
    summary: (data, opt) => {
      const { summary } = calculate(data, opt)
      return summary
    },
  }
)
lib/reporters/quiet.js000064400000000032151701451630011022 0ustar00module.exports = () => '' // quiet reporter: always an empty report, whatever the audit data holds
lib/reporters/json.js000064400000000112151701451630010643 0ustar00module.exports = (data, { indent }) => JSON.stringify(data, null, indent) // JSON reporter: the audit data serialised as-is, pretty-printed with `indent`
lib/colors.js000064400000001077151701451630007161 0ustar00module.exports = (chalk) => {
  // Builds the colour helpers shared by the reporters. Every helper calls
  // straight into `chalk`, so a chalk-compatible object must be supplied.
  const green = s => chalk.green.bold(s)
  const red = s => chalk.red.bold(s)
  const magenta = s => chalk.magenta.bold(s)
  const yellow = s => chalk.yellow.bold(s)
  // "white" is bold text in the default colour, not an explicit white
  const white = s => chalk.bold(s)
  // Colour by severity name, compared case-insensitively: moderate ->
  // yellow, high -> red, critical -> magenta, anything else -> bold.
  // The text coloured is `s` when it is truthy, otherwise `sev` itself.
  // `sev` must be a string, since toLowerCase() is called on it.
  const severity = (sev, s) => sev.toLowerCase() === 'moderate' ? yellow(s || sev)
    : sev.toLowerCase() === 'high' ? red(s || sev)
    : sev.toLowerCase() === 'critical' ? magenta(s || sev)
    : white(s || sev)
  const dim = s => chalk.dim(s)

  return {
    dim,
    green,
    red,
    magenta,
    yellow,
    white,
    severity,
  }
}
LICENSE000064400000001363151701451630005557 0ustar00ISC License

Copyright (c) npm, Inc.

Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
USE OR PERFORMANCE OF THIS SOFTWARE.