#999

Ran 06 May 2021 05:08PM UTC

Jobs 1

Files 38

Run time 32min

Badge

Embed ▾

pending completion

Build # #999

Build Type

push

Committed by

nlf

Commit Message

audit: support alias specs and root package names

When the root package has a name like `@magic/semver`, in a folder named
something like `/path/to/magic/semver`, the audit logic would look at
node.name, and see it as `semver`, and then report it as a
vulnerability.

Additionally, a dependency like `npm:mkdirp@0.5.1` would not be detected
as a vulnerability, because the alias spec would never match against the
semver range (assuming that the dependency name even was found as a
vulnerability in the first place).

The fix here is:

1. Add Node.packageName getter, which returns the `name` field from the
  node's package object.
2. Add this field as a queryable field in the inventory.
3. Base audits off of the packageName field, rather than the name field.

Fix: https://github.com/npm/cli/issues/3166

PR-URL: https://github.com/npm/arborist/pull/278
Credit: @isaacs
Close: #278
Reviewed-by: @nlf

Run Details

3047 of 3047 branches covered (100.0%)

Branch coverage included in aggregate %.

4110 of 4110 relevant lines covered (100.0%)

564.15 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	#999.1	06 May 2021 05:08PM UTC	0	100.0

Source Files on build #999

Detailed source file information is not available for this build.

npm / arborist / #999

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #999

npm / arborist / #999

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #999

README BADGES
x