Add Fix column to security report

Author: WhittJS

src/types/general.d.ts

@@ -42,6 +42,7 @@ export interface v7Vulnerability {
   readonly name: string;
   readonly via: v7VulnerabilityVia[] | string[];
   readonly nodes: string[];
+  readonly fixAvailable?: boolean | { name: string; version: string; isSemVerMajor: boolean };
 }
 
 export interface v7VulnerabilityVia {

src/types/table.d.ts

@@ -1,2 +1,2 @@
-export type SecurityReportHeader = 'ID' | 'Module' | 'Title' | 'Paths' | 'Severity' | 'URL' | 'Ex.';
+export type SecurityReportHeader = 'ID' | 'Module' | 'Title' | 'Paths' | 'Severity' | 'URL' | 'Ex.' | 'Fix';
 export type ExceptionReportHeader = 'ID' | 'Status' | 'Expiry' | 'Notes';

src/utils/print.ts

@@ -2,7 +2,7 @@ import get from 'lodash.get';
 import { table, TableUserConfig } from 'table';
 import { SecurityReportHeader, ExceptionReportHeader } from 'src/types';
 
-const SECURITY_REPORT_HEADER: SecurityReportHeader[] = ['ID', 'Module', 'Title', 'Paths', 'Severity', 'URL', 'Ex.'];
+const SECURITY_REPORT_HEADER: SecurityReportHeader[] = ['ID', 'Module', 'Title', 'Paths', 'Severity', 'URL', 'Ex.', 'Fix'];
 const EXCEPTION_REPORT_HEADER: ExceptionReportHeader[] = ['ID', 'Status', 'Expiry', 'Notes'];
 
 // TODO: Add unit tests

src/utils/vulnerability.ts

@@ -174,6 +174,7 @@ export function processAuditJson(
           { key: 'Severity', value: cur.severity },
           { key: 'URL', value: cur.url },
           { key: 'Ex.', value: isExcepted ? 'y' : 'n' },
+          { key: 'Fix', value: 'N/A' },
         ]
           .filter(({ key }) => (columnsToInclude.length ? columnsToInclude.includes(key) : true))
           .map(({ key, value }) =>
@@ -245,6 +246,16 @@ export function processAuditJson(
             { key: 'Severity', value: vul.severity, bgColor: getSeverityBgColor(vul.severity) },
             { key: 'URL', value: vul.url },
             { key: 'Ex.', value: isExcepted ? 'y' : 'n' },
+            {
+              key: 'Fix',
+              value: (() => {
+                const fixAvailable = get(cur, 'fixAvailable');
+                if (typeof fixAvailable === 'object' && fixAvailable !== null && fixAvailable.isSemVerMajor) {
+                  return 'major';
+                }
+                return String(Boolean(fixAvailable));
+              })(),
+            },
           ]
             .filter(({ key }) => (columnsToInclude.length ? columnsToInclude.includes(key) : true))
             .map(({ key, value, bgColor }) => color(value, isExcepted ? '' : 'yellow', key === 'Severity' ? bgColor : undefined));
@@ -340,7 +351,8 @@ export function processExceptions(nsprc: NsprcFile, cmdExceptions: string[] = []
       }
 
       // Color the date accordingly
-      let expiryDate = get(details, 'expiry') ? new Date(get(details, 'expiry')).toUTCString() : '';
+      const expiry: string | number | undefined = get(details, 'expiry');
+      let expiryDate = expiry !== undefined && expiry !== null ? new Date(expiry).toUTCString() : '';
       // If it was expired for more than 5 years ago, warn by coloring the date in red
       if (years && years <= -5) {
         expiryDate = color(expiryDate, 'red');
@@ -368,7 +380,10 @@ export function processExceptions(nsprc: NsprcFile, cmdExceptions: string[] = []
  * @param {Array} unusedExceptionIds      List of unused exception IDs
  * @param {Array} unusedExceptionModules  List of unused exception module names
  */
-export function handleUnusedExceptions(unusedExceptionIds: string[], unusedExceptionModules: string[]): void {
+export function handleUnusedExceptions(
+  unusedExceptionIds: (string | null | undefined)[],
+  unusedExceptionModules: (string | null | undefined)[],
+): void {
   const cleanedUnusedExceptionIds = unusedExceptionIds.filter(Boolean);
   const cleanedUnusedExceptionModules = unusedExceptionModules.filter(Boolean);
   const message = [

test/__mocks__/v6-security-report-table-data.json

@@ -6,7 +6,8 @@
     "\u001b[33mloopback-component-explorer>swagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/975\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m976\u001b[0m",
@@ -15,7 +16,8 @@
     "\u001b[33mloopback-component-explorer>swagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/976\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m985\u001b[0m",
@@ -24,7 +26,8 @@
     "\u001b[33mloopback-component-explorer>swagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/985\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1084\u001b[0m",
@@ -33,7 +36,8 @@
     "\u001b[33mloopback-connector-rest>strong-globalize>os-locale>mem\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1084\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1179\u001b[0m",
@@ -42,7 +46,8 @@
     "\u001b[33mmocha>mkdirp>minimist\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1179\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1213\u001b[0m",
@@ -51,7 +56,8 @@
     "\u001b[33mnodemon>update-notifier>configstore>dot-prop\u001b[0m",
     "\u001b[33m\u001b[41mhigh\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1213\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1500\u001b[0m",
@@ -60,7 +66,8 @@
     "\u001b[33mmocha>yargs-parser\nmocha>yargs-unparser>yargs>yargs-parser\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1500\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1523\u001b[0m",
@@ -69,7 +76,8 @@
     "\u001b[33mlodash\nloopback>async>lodash\nloopback>loopback-connector-remote>loopback-datasource-juggler>async>lodash\nloopback>loopback-datasource-juggler>async>lodash\nloopback>loopback-connector-remote>strong-remoting>loopback-phase>async>lodash\n...and 40 more\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1523\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1555\u001b[0m",
@@ -78,7 +86,8 @@
     "\u001b[33mloopback>loopback-connector-remote>loopback-datasource-juggler>loopback-connector>msgpack5>bl\nloopback>loopback-datasource-juggler>loopback-connector>msgpack5>bl\nloopback-connector-mongodb>loopback-connector>msgpack5>bl\u001b[0m",
     "\u001b[33m\u001b[41mcritical\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1555\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1556\u001b[0m",
@@ -87,7 +96,8 @@
     "\u001b[33mloopback-connector-rest>strong-globalize>g11n-pipeline>swagger-client>cross-fetch>node-fetch\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1556\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ],
   [
     "\u001b[33m1589\u001b[0m",
@@ -96,6 +106,7 @@
     "\u001b[33mnodemon>chokidar>fsevents>node-pre-gyp>rc>ini\nnodemon>update-notifier>is-installed-globally>global-dirs>ini\nnodemon>update-notifier>latest-version>package-json>registry-auth-token>rc>ini\nnodemon>update-notifier>latest-version>package-json>registry-url>rc>ini\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1589\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mN/A\u001b[0m"
   ]
 ]

test/__mocks__/v7-security-report-table-data.json

@@ -6,7 +6,8 @@
     "\u001b[33mbl\u001b[0m",
     "\u001b[33m\u001b[41mcritical\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1555\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1213\u001b[0m",
@@ -15,7 +16,8 @@
     "\u001b[33mdot-prop\u001b[0m",
     "\u001b[33m\u001b[41mhigh\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1213\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1589\u001b[0m",
@@ -24,7 +26,8 @@
     "\u001b[33mfsevents>ini\nini\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1589\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1523\u001b[0m",
@@ -33,7 +36,8 @@
     "\u001b[33mlodash\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1523\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1084\u001b[0m",
@@ -42,7 +46,8 @@
     "\u001b[33mloopback-connector-rest>mem\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1084\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1179\u001b[0m",
@@ -51,7 +56,8 @@
     "\u001b[33mmocha>minimist\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1179\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m1556\u001b[0m",
@@ -60,7 +66,8 @@
     "\u001b[33mnode-fetch\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1556\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ],
   [
     "\u001b[33m975\u001b[0m",
@@ -69,7 +76,8 @@
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/975\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mmajor\u001b[0m"
   ],
   [
     "\u001b[33m976\u001b[0m",
@@ -78,7 +86,8 @@
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/976\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mmajor\u001b[0m"
   ],
   [
     "\u001b[33m985\u001b[0m",
@@ -87,7 +96,8 @@
     "\u001b[33mswagger-ui\u001b[0m",
     "\u001b[33mmoderate\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/985\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mmajor\u001b[0m"
   ],
   [
     "\u001b[33m1500\u001b[0m",
@@ -96,6 +106,7 @@
     "\u001b[33mmocha>yargs-parser\nyargs-unparser>yargs-parser\u001b[0m",
     "\u001b[33mlow\u001b[0m",
     "\u001b[33mhttps://npmjs.com/advisories/1500\u001b[0m",
-    "\u001b[33mn\u001b[0m"
+    "\u001b[33mn\u001b[0m",
+    "\u001b[33mtrue\u001b[0m"
   ]
 ]