'use strict'

const Bluebird = require('bluebird')

const audit = require('./install/audit.js')
const figgyPudding = require('figgy-pudding')
const fs = require('graceful-fs')
const Installer = require('./install.js').Installer
const lockVerify = require('lock-verify')
const log = require('npmlog')
const npa = require('libnpm/parse-arg')
const npm = require('./npm.js')
const npmConfig = require('./config/figgy-config.js')
const output = require('./utils/output.js')
const parseJson = require('json-parse-better-errors')

// Promise-returning wrapper around graceful-fs `readFile`.
const readFile = Bluebird.promisify(fs.readFile)

// figgy-pudding spec listing the npm config keys this command reads.
// A string value is an alias for another key (`deepArgs` -> `deep-args`);
// `{}` declares the key with no default.
// `runId` and the deep-args values are not user flags in this file: auditCmd
// fills them in from the audit result before handing the options to Auditor.
const AuditConfig = figgyPudding({
  also: {},
  'audit-level': {},
  deepArgs: 'deep-args',
  'deep-args': {},
  dev: {},
  force: {},
  'dry-run': {},
  global: {},
  json: {},
  only: {},
  parseable: {},
  prod: {},
  production: {},
  registry: {},
  runId: {}
})

module.exports = auditCmd

const usage = require('./utils/usage')
// Help text for the command; auditCmd also appends it to the
// "Invalid audit subcommand" error.
auditCmd.usage = usage('audit', [
  '\nnpm audit [--json] [--production]',
  '\nnpm audit fix ',
  '[--force|--package-lock-only|--dry-run|--production|--only=(dev|prod)]'
].join(''))

// Shell-completion hook: `audit` itself offers no completions, and any other
// word in that position is reported as an error through the callback.
auditCmd.completion = function (opts, cb) {
  const subcommand = opts.conf.argv.remain[2]

  if (subcommand === 'audit') {
    return cb(null, [])
  }
  return cb(new Error(subcommand + ' not recognized'))
}

// Installer subclass used by `npm audit fix`. On top of the normal install
// arguments it accepts `deepArgs`: dependency paths (arrays of package specs,
// outermost first) whose final entry must be re-resolved to a new version.
class Auditor extends Installer {
  constructor (where, dryrun, args, opts) {
    super(where, dryrun, args, opts)
    this.deepArgs = (opts && opts.deepArgs) || []
    this.runId = opts.runId || ''
    // Flag read by the base Installer; presumably stops the fix install from
    // triggering its own audit. TODO confirm against install.js.
    this.audit = false
  }

  // Loads the ideal tree once, invalidates every node targeted by a deep-arg
  // path, then loads again so those nodes are fetched at their new version.
  loadAllDepsIntoIdealTree (cb) {
    const loadIdealTree = () => Bluebird.fromNode(
      done => super.loadAllDepsIntoIdealTree(done)
    )

    // Replace the node's package metadata with a bare name/version stub and
    // flag it, all of its ancestors and all of its dependents as not loaded.
    const invalidate = (node, spec) => {
      node.loaded = false
      // The stub has no modern metadata, which defeats `hasModernMeta()` and
      // forces a re-fetch.
      node.package = {
        name: spec.name,
        version: spec.fetchSpec,
        _requested: node.package._requested
      }
      delete node.fakeChild
      for (let ancestor = node.parent; ancestor; ancestor = ancestor.parent) {
        ancestor.loaded = false
      }
      node.requiredBy.forEach(dependent => {
        dependent.loaded = false
        delete dependent.fakeChild
      })
    }

    // Follow one deep-arg path down from the root of the ideal tree.
    const followPath = (depPath) => {
      let node = this.idealTree
      depPath.forEach((child, ii) => {
        if (!node) {
          // The path cannot always be resolved all the way to its target;
          // when a step is missing the rest of the path is ignored.
          return
        }
        const spec = npa(child)
        // Names are compared as-is first, then in the scrubbed form that
        // audit.scrub produces for this run id.
        const match = (
          node.requires.find(n => n.package.name === spec.name) ||
          node.requires.find(
            n => audit.scrub(n.package.name, this.runId) === spec.name
          )
        )
        // Only the final path element is the package being updated.
        if (match && ii === depPath.length - 1) {
          invalidate(match, spec)
        }
        node = match
      })
    }

    loadIdealTree().then(() => {
      if (!this.deepArgs || !this.deepArgs.length) {
        return
      }
      this.deepArgs.forEach(followPath)
      return loadIdealTree()
    }).nodeify(cb)
  }

  // Audit never runs the top-level project's own pre/post-install lifecycle
  // hooks; only these two hooks are overridden here.
  runPreinstallTopLevelLifecycles (cb) { cb() }
  runPostinstallTopLevelLifecycles (cb) { cb() }
}

// Reads `<npm.prefix>/<name>` and parses it as JSON.
// Resolves to the parsed value, or to null when the file does not exist.
// A parse failure is rejected with code 'EJSONPARSE'; every rejection that
// reaches the caller carries the offending path in `.file`.
function maybeReadFile (name) {
  const file = `${npm.prefix}/${name}`

  const parse = (data) => {
    try {
      return parseJson(data)
    } catch (ex) {
      ex.code = 'EJSONPARSE'
      throw ex
    }
  }

  const tagWithFile = (ex) => {
    ex.file = file
    throw ex
  }

  return readFile(file)
    .then(parse)
    // Bluebird predicate catch: only a missing file is treated as "absent".
    .catch({code: 'ENOENT'}, () => null)
    .catch(tagWithFile)
}

// Narrows an audit action to the vulnerabilities that belong to the
// environments selected by --dev / --production / --only / --also.
// Returns a copy of `action` with a filtered `resolves` list, or undefined
// when nothing is left to resolve.
function filterEnv (action, opts) {
  const devPattern = /^dev(elopment)?$/
  const prodPattern = /^prod(uction)?$/
  const onlyDev = devPattern.test(opts.only)
  const onlyProd = prodPattern.test(opts.only)
  const alsoDev = devPattern.test(opts.also)

  // Dev dependencies are included unless the run was restricted to production.
  const includeDev = opts.dev ||
    (!onlyProd && !opts.production) ||
    onlyDev ||
    alsoDev
  // Production dependencies are dropped only by --only=dev.
  const includeProd = !onlyDev

  const kept = action.resolves.filter(({dev}) => (dev ? includeDev : includeProd))
  if (!kept.length) {
    return
  }
  return Object.assign({}, action, {resolves: kept})
}

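/**
 * Entry point for `npm audit` and `npm audit fix`.
 *
 * Reads package.json and the lockfile from `npm.prefix`, verifies the
 * lockfile, builds an audit report and submits it. With no subcommand the
 * result is printed and `process.exitCode` is set to 1 when vulnerabilities at
 * or above `--audit-level` exist. With `fix`, the actions in the result are
 * turned into install/update arguments and run through `Auditor`.
 *
 * @param {string[]} args - empty, or `['fix']`; anything else is rejected.
 * @param {Function} cb - node-style callback.
 * @throws {Error} synchronously, with code 'EAUDITGLOBAL', when --global is set.
 */
function auditCmd (args, cb) {
  const opts = AuditConfig(npmConfig())
  if (opts.global) {
    // Thrown synchronously rather than passed to `cb`.
    const err = new Error('`npm audit` does not support testing globals')
    err.code = 'EAUDITGLOBAL'
    throw err
  }
  if (args.length && args[0] !== 'fix') {
    return cb(new Error('Invalid audit subcommand: `' + args[0] + '`\n\nUsage:\n' + auditCmd.usage))
  }
  return Bluebird.all([
    maybeReadFile('npm-shrinkwrap.json'),
    maybeReadFile('package-lock.json'),
    maybeReadFile('package.json')
  ]).spread((shrinkwrap, lockfile, pkgJson) => {
    // npm-shrinkwrap.json takes precedence over package-lock.json.
    const sw = shrinkwrap || lockfile
    if (!pkgJson) {
      const err = new Error('No package.json found: Cannot audit a project without a package.json')
      err.code = 'EAUDITNOPJSON'
      throw err
    }
    if (!sw) {
      const err = new Error('Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile')
      err.code = 'EAUDITNOLOCK'
      throw err
    } else if (shrinkwrap && lockfile) {
      log.warn('audit', 'Both npm-shrinkwrap.json and package-lock.json exist, using npm-shrinkwrap.json.')
    }
    // Direct requirements sent with the report; devDependencies are left out
    // under --production.
    const requires = Object.assign(
      {},
      (pkgJson && pkgJson.dependencies) || {},
      (!opts.production && pkgJson && pkgJson.devDependencies) || {}
    )
    // The report is generated only from a lockfile that agrees with
    // package.json, so the audited tree is the tree that would be installed.
    return lockVerify(npm.prefix).then((result) => {
      if (result.status) return audit.generate(sw, requires)

      const lockFile = shrinkwrap ? 'npm-shrinkwrap.json' : 'package-lock.json'
      const err = new Error(`Errors were found in your ${lockFile}, run  npm install  to fix them.\n    ` +
        result.errors.join('\n    '))
      err.code = 'ELOCKVERIFY'
      throw err
    })
  }).then((auditReport) => {
    return audit.submitForFullReport(auditReport)
  }).catch((err) => {
    // HTTP-level failures are rewrapped as ENOAUDIT with a hint about the
    // configured registry; everything else is rethrown untouched.
    if (err.statusCode >= 400) {
      let msg
      if (err.statusCode === 401) {
        msg = `Either your login credentials are invalid or your registry (${opts.registry}) does not support audit.`
      } else if (err.statusCode === 404) {
        msg = `Your configured registry (${opts.registry}) does not support audit requests.`
      } else {
        msg = `Your configured registry (${opts.registry}) may not support audit requests, or the audit endpoint may be temporarily unavailable.`
      }
      // An HTTP error may carry no body at all; without this guard the
      // `.length` read throws a TypeError that hides the real failure.
      // The body is server-supplied text and is echoed verbatim.
      if (err.body && err.body.length) {
        msg += '\nThe server said: ' + err.body
      }
      const ne = new Error(msg)
      ne.code = 'ENOAUDIT'
      ne.wrapped = err
      throw ne
    }
    throw err
  }).then((auditResult) => {
    if (args[0] === 'fix') {
      // Trust boundary: `auditResult` is whatever audit.submitForFullReport
      // resolved with (judging by the status handling above, the registry's
      // response). Its `actions` decide which `module@target` specs get
      // installed below, so `audit fix` is only as trustworthy as the
      // configured registry.
      const actions = (auditResult.actions || []).reduce((acc, action) => {
        action = filterEnv(action, opts)
        if (!action) { return acc }
        if (action.isMajor) {
          // Semver-major fixes are collected separately and only installed
          // under --force.
          acc.major.add(`${action.module}@${action.target}`)
          action.resolves.forEach(({id, path}) => acc.majorFixes.add(`${id}::${path}`))
        } else if (action.action === 'install') {
          acc.install.add(`${action.module}@${action.target}`)
          action.resolves.forEach(({id, path}) => acc.installFixes.add(`${id}::${path}`))
        } else if (action.action === 'update') {
          const name = action.module
          const version = action.target
          action.resolves.forEach(vuln => {
            acc.updateFixes.add(`${vuln.id}::${vuln.path}`)
            // Rewrite "a>b>name>..." into "a>b>name@version".
            // NOTE(review): if `name` is not a segment of the path, indexOf
            // returns -1 and slice(0, -1) drops the last segment instead;
            // confirm the response always lists the module in its own path.
            const modPath = vuln.path.split('>')
            const newPath = modPath.slice(
              0, modPath.indexOf(name)
            ).concat(`${name}@${version}`)
            if (newPath.length === 1) {
              // A direct dependency: treated as a plain install.
              acc.install.add(newPath[0])
            } else {
              acc.update.add(newPath.join('>'))
            }
          })
        } else if (action.action === 'review') {
          action.resolves.forEach(({id, path}) => acc.review.add(`${id}::${path}`))
        }
        return acc
      }, {
        install: new Set(),
        installFixes: new Set(),
        update: new Set(),
        updateFixes: new Set(),
        major: new Set(),
        majorFixes: new Set(),
        review: new Set()
      })
      return Bluebird.try(() => {
        const installMajor = opts.force
        const installCount = actions.install.size + (installMajor ? actions.major.size : 0) + actions.update.size
        const vulnFixCount = new Set([...actions.installFixes, ...actions.updateFixes, ...(installMajor ? actions.majorFixes : [])]).size
        const metavuln = auditResult.metadata.vulnerabilities
        const total = Object.keys(metavuln).reduce((acc, key) => acc + metavuln[key], 0)
        if (installCount) {
          // The exact specs about to be installed are visible at verbose
          // log level.
          log.verbose(
            'audit',
            'installing',
            [...actions.install, ...(installMajor ? actions.major : []), ...actions.update]
          )
        }
        return Bluebird.fromNode(cb => {
          new Auditor(
            npm.prefix,
            !!opts['dry-run'],
            [...actions.install, ...(installMajor ? actions.major : [])],
            opts.concat({
              runId: auditResult.runId,
              deepArgs: [...actions.update].map(u => u.split('>'))
            }).toJSON()
          ).run(cb)
        }).then(() => {
          const numScanned = auditResult.metadata.totalDependencies
          if (!opts.json && !opts.parseable) {
            output(`fixed ${vulnFixCount} of ${total} vulnerabilit${total === 1 ? 'y' : 'ies'} in ${numScanned} scanned package${numScanned === 1 ? '' : 's'}`)
            if (actions.review.size) {
              output(`  ${actions.review.size} vulnerabilit${actions.review.size === 1 ? 'y' : 'ies'} required manual review and could not be updated`)
            }
            if (actions.major.size) {
              output(`  ${actions.major.size} package update${actions.major.size === 1 ? '' : 's'} for ${actions.majorFixes.size} vulnerabilit${actions.majorFixes.size === 1 ? 'y' : 'ies'} involved breaking changes`)
              if (installMajor) {
                output('  (installed due to `--force` option)')
              } else {
                output('  (use `npm audit fix --force` to install breaking changes;' +
                       ' or refer to `npm audit` for steps to fix these manually)')
              }
            }
          }
        })
      })
    } else {
      // Report mode. Severities below --audit-level do not affect the exit
      // code; an unset or unrecognised level gives indexOf === -1, so every
      // severity counts.
      const levels = ['low', 'moderate', 'high', 'critical']
      const minLevel = levels.indexOf(opts['audit-level'])
      const vulns = levels.reduce((count, level, i) => {
        return i < minLevel ? count : count + (auditResult.metadata.vulnerabilities[level] || 0)
      }, 0)
      // A non-zero exit code is what lets CI jobs fail on findings.
      if (vulns > 0) process.exitCode = 1
      if (opts.parseable) {
        return audit.printParseableReport(auditResult)
      } else {
        return audit.printFullReport(auditResult)
      }
    }
  }).asCallback(cb)
}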
