hendrixroa · January 18, 2020 22:14
diff --git a/yarnAudit.ts b/yarnAudit.ts
 import * as fs from 'fs';
 import * as _ from 'lodash';
 import { RequestAPI, RequiredUriUrl } from 'request';
 import * as request from 'request-promise-native';

 export class YarnAudit {
  private client: RequestAPI<
    request.RequestPromise,
    request.RequestPromiseOptions,
    RequiredUriUrl
  >;

  constructor() {
    this.client = request.defaults({
      baseUrl: 'https://slack.com/api/chat.postMessage',
      headers: {
        Authorization: `Bearer ${process.env.YARN_AUDIT_SLACK_TOKEN}`,
      },
      json: true,
    });
  }

  public transformAuditData(dataAudit: any): any {
    return _.map(dataAudit, (value: any) => value.module_name).join(', ');
  }

  public async sendReport(pathFile: string, moduleName: string) {
    // Cut per lines, yarn audit return each json item separated by \n
    const arrayVuln: string[] = fs.readFileSync(pathFile, 'utf8').split('\n');

    // Remove last empty item
    arrayVuln.pop();

    const summary: string | undefined =
      arrayVuln.find((item: string) => {
        const itemParsed: any = JSON.parse(item);
        return itemParsed.type === 'auditSummary';
      }) || '{}';

    const dataFile: any = JSON.parse(summary);
    const countVulnerabilities: any = Object.values(
      dataFile.data.vulnerabilities,
    ).reduce((total: number, current: number) => {
      return total + current;
    });

    if (countVulnerabilities > 0) {
      const stage =
        process.env.CI_COMMIT_REF_NAME === 'master' ? 'pro' : 'staging';
      const postData = {
        attachments: [
          {
            author_name: 'YARN - AUDIT',
            color: '#ff0000',
            mrkdwn_in: ['text', 'pretext'],
            text: `Found *${countVulnerabilities}* vulnerabilities in _${moduleName}_ project, for more details run _yarn audit_`,
          },
        ],
        channel: `your channel`,
        icon_emoji: ':danger:',
        mrkdwn: true,
        username: 'YARN Audit Alert',
      };
      const result = await this.client.post('', {
        body: postData,
      });
      // tslint:disable-next-line: no-console
      console.log('OK: ', result.ok);
    }
    // tslint:disable-next-line: no-console
    console.log('Vulnerabilities: ', countVulnerabilities);
  }
 }

 if (!process.argv[2] || !process.argv[3]) {
  // tslint:disable-next-line: no-console
  console.error(
    'The path file or module is missing, for example: PATH_FILE=yarn_audit.json MODULE=name',
  );
  process.exit(1);
 }
 const report: YarnAudit = new YarnAudit();
 report
  .sendReport(process.argv[2], process.argv[3])
  .then()
  // tslint:disable-next-line: no-console
  .catch((err: any) => console.error(err));
	import * as fs from 'fs';
	import * as _ from 'lodash';
	import { RequestAPI, RequiredUriUrl } from 'request';
	import * as request from 'request-promise-native';

	export class YarnAudit {
	private client: RequestAPI<
	request.RequestPromise,
	request.RequestPromiseOptions,
	RequiredUriUrl
	>;

	constructor() {
	this.client = request.defaults({
	baseUrl: 'https://slack.com/api/chat.postMessage',
	headers: {
	Authorization: `Bearer ${process.env.YARN_AUDIT_SLACK_TOKEN}`,
	},
	json: true,
	});
	}

	public transformAuditData(dataAudit: any): any {
	return _.map(dataAudit, (value: any) => value.module_name).join(', ');
	}

	public async sendReport(pathFile: string, moduleName: string) {
	// Cut per lines, yarn audit return each json item separated by \n
	const arrayVuln: string[] = fs.readFileSync(pathFile, 'utf8').split('\n');

	// Remove last empty item
	arrayVuln.pop();

	const summary: string \| undefined =
	arrayVuln.find((item: string) => {
	const itemParsed: any = JSON.parse(item);
	return itemParsed.type === 'auditSummary';
	}) \|\| '{}';

	const dataFile: any = JSON.parse(summary);
	const countVulnerabilities: any = Object.values(
	dataFile.data.vulnerabilities,
	).reduce((total: number, current: number) => {
	return total + current;
	});

	if (countVulnerabilities > 0) {
	const stage =
	process.env.CI_COMMIT_REF_NAME === 'master' ? 'pro' : 'staging';
	const postData = {
	attachments: [
	{
	author_name: 'YARN - AUDIT',
	color: '#ff0000',
	mrkdwn_in: ['text', 'pretext'],
	text: `Found ${countVulnerabilities} vulnerabilities in _${moduleName}_ project, for more details run _yarn audit_`,
	},
	],
	channel: `your channel`,
	icon_emoji: ':danger:',
	mrkdwn: true,
	username: 'YARN Audit Alert',
	};
	const result = await this.client.post('', {
	body: postData,
	});
	// tslint:disable-next-line: no-console
	console.log('OK: ', result.ok);
	}
	// tslint:disable-next-line: no-console
	console.log('Vulnerabilities: ', countVulnerabilities);
	}
	}

	if (!process.argv[2] \|\| !process.argv[3]) {
	// tslint:disable-next-line: no-console
	console.error(
	'The path file or module is missing, for example: PATH_FILE=yarn_audit.json MODULE=name',
	);
	process.exit(1);
	}
	const report: YarnAudit = new YarnAudit();
	report
	.sendReport(process.argv[2], process.argv[3])
	.then()
	// tslint:disable-next-line: no-console
	.catch((err: any) => console.error(err));