yujunjun/playwright
1
0
Fork 0
mirror of https://github.com/microsoft/playwright.git synced 2025-06-26 21:40:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
playwright/utils/check_audit.js

55 lines
1.5 KiB
JavaScript
Raw Blame History

const { exec } = require('child_process');
const URL_LIST = [
// Not encountered by Vite, thus we cannot hit it
'https://github.com/advisories/GHSA-67mh-4wv8-2f99'
];
const runNpmAudit = () => new Promise((resolve, reject) => {
exec('npm audit --omit dev --json', (error, stdout, stderr) => {
if (error && stderr) {
// npm audit returns a non-zero exit code if there are vulnerabilities
reject(`Audit error: ${error}\n${stdout}\n${stderr}`);
return;
}
resolve(stdout);
});
});
// interface Audit {
// [name: string]: AuditEntry;
// }
// interface AuditEntry {
// severity: string;
// range: string;
// via: Array<{
// url: string;
// } | string>;
// }
const checkAudit = async () => {
const audit = JSON.parse(await runNpmAudit());
const validVulnerabilities = Object.entries(audit.vulnerabilities).filter(([_name, entry]) => {
const originalVulnerabilities = entry.via.filter(viaEntry => typeof viaEntry === 'object' && !URL_LIST.includes(viaEntry.url));
return originalVulnerabilities.length > 0;
});
for (const [name, entry] of validVulnerabilities) {
console.error(`Vulnerability (${entry.severity}): ${name} ${entry.range}`);
}
if (validVulnerabilities.length > 0) {
process.exit(1);
}
console.log('No vulnerabilities found');
};
// You can manually run `npm audit --omit dev` to see the vulnerabilities in a human-friendly
checkAudit().catch(error => {
console.error(error);
process.exit(1);
});
Reference in New Issue View Git Blame Copy Permalink