import { type AuditReport, type AuditAdvisory } from '@pnpm/audit'
import { writeSettings } from '@pnpm/config.config-writer'
import difference from 'ramda/src/difference'
import { type AuditOptions } from './audit.js'
/**
 * Turns the advisories of `auditReport` into `overrides` entries that pin each
 * vulnerable range to its patched range and persists them through
 * `writeSettings`. Nothing is written when no advisory yields an override.
 *
 * The derived overrides are spread after `opts.overrides`, so on a key
 * collision the audit-derived range replaces the existing one.
 *
 * @param auditReport - report whose `advisories` are converted into overrides
 * @param opts - audit options; `auditConfig.ignoreCves`, `overrides`,
 *   `rootProjectManifest`, `rootProjectManifestDir` and `workspaceDir` are read
 * @returns the overrides derived from the report (`{}` when there were none)
 */
export async function fix (auditReport: AuditReport, opts: AuditOptions): Promise<Record<string, string>> {
  const ignoreCves = opts.auditConfig?.ignoreCves
  const derived = createOverrides(Object.values(auditReport.advisories), ignoreCves)
  const hasOverrides = Object.keys(derived).length > 0
  if (!hasOverrides) return derived

  // A missing workspaceDir falls back to the root manifest directory.
  const workspaceDir = opts.workspaceDir ?? opts.rootProjectManifestDir
  const mergedOverrides = { ...opts.overrides, ...derived }
  await writeSettings({
    updatedSettings: { overrides: mergedOverrides },
    rootProjectManifest: opts.rootProjectManifest,
    rootProjectManifestDir: opts.rootProjectManifestDir,
    workspaceDir,
  })
  return derived
}
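/**
 * Maps advisories to `overrides` entries of the form
 * `<module_name>@<vulnerable_versions>` -> `<patched_versions>`.
 *
 * An advisory is skipped when every one of its CVE ids appears in
 * `ignoreCves`. An advisory that carries no CVE id at all cannot be ignored by
 * CVE and is therefore kept (the previous implementation dropped such
 * advisories whenever `ignoreCves` was configured, silently leaving those
 * vulnerabilities unfixed). Advisories reporting
 * `vulnerable_versions === '>=0.0.0'` or `patched_versions === '<0.0.0'` are
 * skipped as well, since they provide no range to pin to.
 *
 * @param advisories - advisories taken from an audit report
 * @param ignoreCves - CVE ids the user chose to ignore; `undefined` ignores none
 * @returns overrides keyed by `name@vulnerableRange`
 */
function createOverrides (advisories: AuditAdvisory[], ignoreCves?: string[]): Record<string, string> {
  const ignored = new Set(ignoreCves ?? [])
  // Actionable while at least one CVE is not ignored; an advisory without CVE
  // ids is never dropped here because nothing in `ignoreCves` can refer to it.
  const isNotIgnored = (advisory: AuditAdvisory): boolean =>
    advisory.cves.length === 0 || advisory.cves.some((cve) => !ignored.has(cve))
  // NOTE(review): '>=0.0.0' / '<0.0.0' presumably mark "no patched version";
  // the original skipped these pairs too.
  const hasPatchedRange = (advisory: AuditAdvisory): boolean =>
    advisory.vulnerable_versions !== '>=0.0.0' && advisory.patched_versions !== '<0.0.0'

  return Object.fromEntries(
    advisories
      .filter((advisory) => isNotIgnored(advisory) && hasPatchedRange(advisory))
      .map((advisory) => [
        `${advisory.module_name}@${advisory.vulnerable_versions}`,
        advisory.patched_versions,
      ])
  )
}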