diff --git a/.changeset/fifty-avocados-sneeze.md b/.changeset/fifty-avocados-sneeze.md
new file mode 100644
index 0000000000..4db3864e54
--- /dev/null
+++ b/.changeset/fifty-avocados-sneeze.md
@@ -0,0 +1,5 @@
+---
+"@pnpm/plugin-commands-audit": patch
+---
+
+`pnpm audit --audit-level high` should not error if the found vulnerabilities are low and/or moderate.
diff --git a/packages/plugin-commands-audit/src/audit.ts b/packages/plugin-commands-audit/src/audit.ts
index c120a3ae22..b7c5f45ac6 100644
--- a/packages/plugin-commands-audit/src/audit.ts
+++ b/packages/plugin-commands-audit/src/audit.ts
@@ -112,10 +112,9 @@ export async function handler (
 })
 const vulnerabilities = auditReport.metadata.vulnerabilities
 const totalVulnerabilityCount = Object.values(vulnerabilities).reduce((sum, vulnerabilitiesCount) => sum + vulnerabilitiesCount, 0)
- const exitCode = totalVulnerabilityCount > 0 ? 1 : 0
 if (opts.json) {
 return {
- exitCode,
+ exitCode: totalVulnerabilityCount > 0 ? 1 : 0,
 output: JSON.stringify(auditReport, null, 2),
 }
 }
@@ -135,7 +134,7 @@ export async function handler (
 ], TABLE_OPTIONS)
 }
 return {
- exitCode,
+ exitCode: output ? 1 : 0,
 output: `${output}${reportSummary(auditReport.metadata.vulnerabilities, totalVulnerabilityCount)}`,
 }
 }
diff --git a/packages/plugin-commands-audit/test/index.ts b/packages/plugin-commands-audit/test/index.ts
index d7f9a78ef3..4ed3931971 100644
--- a/packages/plugin-commands-audit/test/index.ts
+++ b/packages/plugin-commands-audit/test/index.ts
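Review bot: In the `opts.json` branch the exit code is still `totalVulnerabilityCount > 0 ? 1 : 0`, so `pnpm audit --json --audit-level high` keeps exiting 1 when only low/moderate advisories exist, which contradicts the changeset's statement that the command should not error in that case; scripts in CI typically consume the JSON mode, so this is the path most likely to be relied upon. The JSON branch also serializes the unfiltered `auditReport`, so a consumer cannot tell from the payload which advisories met the requested level. Deriving both exit codes from one level-filtered count computed before the branch, e.g. `const exitCode = advisoriesAtOrAboveLevel > 0 ? 1 : 0` (placeholder name), would keep the two modes consistent; the level filtering itself is not visible in this hunk. `handler` starts and ends outside the hunk.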
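Review bot: `exitCode: output ? 1 : 0` ties the exit status to whether the human-readable report string happens to be non-empty, so any later change that adds a heading or note to `output` when nothing matches the level would turn a clean audit into a failure, and the inverse if a matching advisory were ever rendered as an empty string. `output` is built above the hunk, so the filter is not visible here; keeping an explicit count of advisories at or above `opts.auditLevel` alongside `output` and using `exitCode: filteredCount > 0 ? 1 : 0` (placeholder name) would make the failure condition readable and testable without inspecting rendered text. As written, this branch and the JSON branch in the previous hunk now disagree on what constitutes a failing audit. The enclosing `handler` begins outside the hunk.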
@@ -278,3 +278,25 @@ test('audit --json', async (t) => {
 t.equal(exitCode, 1)
 t.end()
 })
+
+test('audit does not exit with code 1 if the found vulnerabilities are having lower severity then what we asked for', async (t) => {
+ const { output, exitCode } = await audit.handler({
+ auditLevel: 'high',
+ dir: path.join(__dirname, 'packages/has-vulnerabilities'),
+ include: {
+ dependencies: false,
+ devDependencies: true,
+ optionalDependencies: false,
+ },
+ registries: {
+ default: 'https://registry.npmjs.org/',
+ },
+ })
+
+ t.equal(exitCode, 0)
+ t.equal(
+ stripAnsi(output),
+ `1 vulnerabilities found
+Severity: 1 moderate`)
+ t.end()
+})
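Review bot: The new test pins an exact summary (`1 vulnerabilities found` / `Severity: 1 moderate`) and `exitCode` 0 against the live `https://registry.npmjs.org/`, so it will start failing the moment a new advisory is published for the fixture in `packages/has-vulnerabilities`, and a newly published high-severity one would flip the exit code and invalidate the very behaviour under test. If the file already has a way to serve a recorded audit response (not visible in this hunk), this case should use it. A companion assertion that the same fixture exits 1 with `auditLevel: 'moderate'` would show the threshold is actually applied rather than the exit code being 0 unconditionally. The title `... are having lower severity then what we asked for` would read better as `... have lower severity than the requested audit level`.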