Class: Package::Audit::Npm::VulnerabilityFinder

Inherits:

Object

Object
Package::Audit::Npm::VulnerabilityFinder

show all

Defined in:: lib/package/audit/npm/vulnerability_finder.rb

Constant Summary collapse

AUDIT_ADVISORY_REGEX =

/^{"type":"auditAdvisory".*$/

Instance Method Summary collapse

#initialize(dir, pkgs) ⇒ VulnerabilityFinder constructor

A new instance of VulnerabilityFinder.
#run ⇒ Object

Constructor Details

#initialize(dir, pkgs) ⇒ `VulnerabilityFinder`

Returns a new instance of VulnerabilityFinder.

# File 'lib/package/audit/npm/vulnerability_finder.rb', line 12

def initialize(dir, pkgs)
  @dir = dir
  @pkg_hash = pkgs.to_h { |pkg| [pkg.name, pkg] }
  @vuln_hash = {}
end

Instance Method Details

#run ⇒ `Object`

# File 'lib/package/audit/npm/vulnerability_finder.rb', line 18

def run
  # Suppress Node.js url.parse deprecation warnings from yarn audit command
  command = format(Const::Cmd::YARN_AUDIT_JSON, @dir)
  env_vars = { 'NODE_NO_WARNINGS' => '1' }

  json_string_lines, = Open3.capture3(env_vars, command)
  array = json_string_lines.scan(AUDIT_ADVISORY_REGEX)

  vulnerability_json_array = JSON.parse("[#{array.join(',')}]", symbolize_names: true)
  vulnerability_json_array.each do |vulnerability_json|
    update_meta_data(vulnerability_json)
  end
  @vuln_hash.values
end

Class: Package::Audit::Npm::VulnerabilityFinder

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(dir, pkgs) ⇒ VulnerabilityFinder

Instance Method Details

#run ⇒ Object

#initialize(dir, pkgs) ⇒ `VulnerabilityFinder`

#run ⇒ `Object`