Last active
October 7, 2020 22:00
An `npm audit <pkg>` proof-of-concept in bash...
#!/bin/bash
PKG=package.json
DIR=npm-audit-tmp
# Stop if the temp dir cannot be created or entered (e.g. a leftover from an
# interrupted run); otherwise the fallback below would overwrite the project's
# own package.json in the current directory.
mkdir "$DIR" && cd "$DIR" || exit 1
if [[ $* == *--dry-run* && -f "../$PKG" ]]; then
  cp "../$PKG" "$PKG"   # --dry-run: audit against the current project's manifest
else
  echo '{}' > "$PKG"    # otherwise start from an empty manifest
fi
# --package-lock-only resolves the tree into package-lock.json without fetching tarballs
npm i "$1" --no-audit --package-lock-only --silent
npm audit
cd .. && rm -rf "$DIR"
# Installation:
# 1. copy this into a file: /usr/local/bin/npm-audit
# 2. make it executable: chmod +x /usr/local/bin/npm-audit
# Usage:
# npm-audit <pkg> - displays the audit results for a specific package & its dependencies
# npm-audit <pkg> --dry-run - displays the audit results for a specific package as if it had been installed in the current project
# Example(s):
# npm-audit bcrypt@4
# npm init -y && npm i express@2 && npm-audit bcrypt@4 --dry-run # creates a project, adds some dep w/ other issues & shows that audit outputs both the new & existing audit issues
# How it works:
# running install w/ --package-lock-only avoids fetching tarballs/reifying &
# npm audit can still work with just a package-lock.json
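The fragile part of this trick is the throwaway project directory: a leftover `npm-audit-tmp` from an interrupted run, or a failed `cd`, must never end with the project's own `package.json` being clobbered. The following is an added example, not code from the gist, that does the setup with `mktemp -d`, picks between the project manifest (dry run) and an empty `{}`, and only then runs the `--package-lock-only` install plus `npm audit`; the function names `prepare_audit_dir` and `npm_audit_pkg` are chosen here.

```shell
#!/bin/sh
# prepare_audit_dir <project_dir> <dry_run:0|1>
# Prints the path of a fresh temp dir holding the manifest to audit against:
# the project's package.json for a dry run, an empty {} otherwise.
# The project directory itself is never written to.
prepare_audit_dir() {
  project_dir=$1; dry_run=$2
  tmp=$(mktemp -d) || return 1            # unique name: no clash with a leftover dir
  if [ "$dry_run" = 1 ] && [ -f "$project_dir/package.json" ]; then
    cp "$project_dir/package.json" "$tmp/package.json"
  else
    printf '{}\n' > "$tmp/package.json"
  fi
  printf '%s\n' "$tmp"
}

# npm_audit_pkg <pkg> [--dry-run]
# Audits <pkg> and its transitive dependencies without installing it into the
# current project; returns npm audit's exit status (non-zero when issues are found).
npm_audit_pkg() {
  pkg=$1; dry_run=0
  case "$*" in *--dry-run*) dry_run=1 ;; esac
  tmp=$(prepare_audit_dir "$PWD" "$dry_run") || return 1
  status=0
  (
    cd "$tmp" || exit 1
    # --package-lock-only resolves the tree into package-lock.json without
    # fetching tarballs; npm audit needs only that lockfile.
    npm install "$pkg" --no-audit --package-lock-only --silent || exit 1
    npm audit
  ) || status=$?
  rm -rf "$tmp"                             # clean up even when npm failed
  return "$status"
}
```

Running `npm_audit_pkg bcrypt@4 --dry-run` inside a project reproduces the gist's dry-run case; the exit status can be used directly in a CI gate.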