#979

Ran 06 May 2021 12:29AM UTC

Jobs 1

Files 39

Run time 5s

Badge

Embed ▾

pending completion

Build # #979

Build Type

push

Committed by

isaacs

Commit Message

audit: support alias specs and root package names

When the root package is a folder like '@magic/semver', the audit logic
would look at node.name, and see it as 'semver', and then report it as a
vulnerability.

Additionally, a dependency like 'npm:mkdirp@0.5.1' would not be detected
as a vulnerability, because the alias spec would never match against the
semver range (assuming that the dependency name even was found as a
vulnerability in the first place).

The fix here is:

1. Add Node.packageName getter, which returns the 'name' field from the
  node's package object.
2. Add this field as a queryable field in the inventory.
3. Base audits off of the packageName field, rather than the name field.

Fix: https://github.com/npm/cli/issues/3166

Run Details

3028 of 3028 branches covered (100.0%)

Branch coverage included in aggregate %.

4106 of 4106 relevant lines covered (100.0%)

564.2 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	#979.1	06 May 2021 12:29AM UTC	0	100.0

Source Files on build #979

Detailed source file information is not available for this build.

npm / arborist / #979

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #979

npm / arborist / #979

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #979

README BADGES
x