@phptek
Created November 29, 2018 20:17
Shell script to check for security vulnerabilities in composer and node deps
#!/bin/bash
#
# Russell Michell 2018 <[email protected]>
#
# What is this?
#
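# Provides an indication of any security vulnerabilities in a project's composer and npm dependencies.
# Exits 0 only when both checks pass and 1 otherwise, so the result can gate a build or provisioning step.
# The Composer check reads /vagrant/composer.lock and expects security-checker under /vagrant/vendor/bin.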
# Failure flags, one per ecosystem. Each check function sets its flag to 1
# when it reports a problem; the final exit status is derived from both.
errors_cmp=0
errors_npm=0
# Composer
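#######################################
# Audit composer.lock with the security-checker binary under vendor/.
# Fails closed: only a zero exit status together with the checker's
# "No packages" message counts as a pass. A crashed or missing checker
# is therefore reported as a failure rather than as a clean result.
# Globals:   errors_cmp (written: set to 1 on failure)
# Arguments: none
# Outputs:   "[PASS]", or "[FAIL]" followed by the checker's report, on stdout
#######################################
function check_composer()
{
  local report status

  # Declared separately from the assignment so that $? is the checker's
  # exit status and not the status of `local`.
  report=$( php /vagrant/vendor/bin/security-checker security:check /vagrant/composer.lock )
  status=$?

  # The report is quoted so advisory text is matched as-is: no word
  # splitting and no glob expansion against the current directory.
  if (( status == 0 )) && grep -q 'No packages' <<<"$report"; then
    echo "[PASS]"
  else
    echo "[FAIL]"
    errors_cmp=1
    # printf '%s' prints the report verbatim; `echo -e` would interpret
    # backslash sequences that happen to occur in advisory text.
    printf '%s\n' "$report"
  fi
}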
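#######################################
# Check NPM packages for each theme in this project: run `npm audit` in
# every directory, up to three levels below the current one, that holds a
# package.json.
# Fails closed: a directory passes only when the audit exits 0 and reports
# "found 0". If the directory cannot be entered, the audit is not run and
# the directory is reported as failed instead of auditing the wrong place.
# Globals:   errors_npm (written: set to 1 when any directory fails)
# Arguments: none
# Outputs:   "[PASS]" or "[FAIL]" per directory on stdout; the audit report
#            follows each "[FAIL]"
# Returns:   does not exit; the caller derives the exit status from errors_npm
#######################################
function check_npm()
{
  local manifest dir report status

  # Paths arrive NUL-delimited on fd 3, so directory names containing spaces
  # or glob characters are handled, and stdin stays free for npm.
  while IFS= read -r -d '' -u 3 manifest; do
    dir=${manifest%/*}

    # The cd runs inside the command substitution's subshell, so the
    # caller's working directory never changes and needs no reset. The
    # `&&` keeps npm from running when the cd fails.
    report=$( cd -- "$dir" && npm audit --dry-run 3<&- )
    status=$?

    if (( status == 0 )) && grep -q 'found 0' <<<"$report"; then
      echo "[PASS]"
    else
      echo "[FAIL]"
      errors_npm=1
      # Print the report captured above rather than auditing a second time.
      printf '%s\n' "$report"
    fi
  done 3< <( find . -maxdepth 3 -name package.json -print0 )
}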
# Run both checks in turn; each one records a failure in its errors_* flag.
printf '%s\n' "Checking Composer deps..."
check_composer
printf '%s\n' "Done!"
printf '%s\n' "Checking npm deps..."
check_npm
printf '%s\n' "Done!"

# Exit non-zero if either check flagged a problem, so a calling build or
# provisioning step can stop on the result.
if (( errors_npm != 0 || errors_cmp != 0 )); then
  exit 1
fi
exit 0