From 56aceacf75407c88149ad940a4cbb4f35e87a6d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Wed, 9 Jan 2019 02:43:17 +0100 Subject: [PATCH 1/3] Handle git branch references correctly (#123) PR-URL: https://github.com/npm/cli/pull/123 Credit: @johanneswuerbach Reviewed-By: @aeschright --- lib/shrinkwrap.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js index 90a4426523cab..dbb12b5bd4fba 100644 --- a/lib/shrinkwrap.js +++ b/lib/shrinkwrap.js @@ -167,6 +167,8 @@ function childVersion (top, child, req) { function childRequested (top, child, requested) { if (requested.type === 'directory' || requested.type === 'file') { return 'file:' + unixFormatPath(path.relative(top.path, child.package._resolved || requested.fetchSpec)) + } else if (requested.type === 'git' && child.package._from) { + return child.package._from } else if (!isRegistry(requested) && !child.fromBundle) { return child.package._resolved || requested.saveSpec || requested.rawSpec } else if (requested.type === 'tag') { From ad77448594b8c3c5d7d11bab361184983111826a Mon Sep 17 00:00:00 2001 From: "Emilis Dambauskas (Tokenmill)" Date: Wed, 9 Jan 2019 11:59:47 +0200 Subject: [PATCH 2/3] docs: described exit codes in npm-audit docs --- doc/cli/npm-audit.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/cli/npm-audit.md b/doc/cli/npm-audit.md index 4c6d717418ab3..f63bbd356d5a0 100644 --- a/doc/cli/npm-audit.md +++ b/doc/cli/npm-audit.md @@ -65,7 +65,8 @@ $ npm audit --parseable | awk -F $'\t' '{print $1,$4}' The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. The report returned includes instructions on how to act on -this information. +this information. The command will exit with a 0 exit code if no +vulnerabilities were found. You can also have npm automatically fix the vulnerabilities by running `npm audit fix`. Note that some vulnerabilities cannot be fixed automatically and @@ -99,6 +100,13 @@ The non-reversible identifiers are a sha256 of a session-specific UUID and the value being replaced, ensuring a consistent value within the payload that is different between runs. +## EXIT CODE + +The `npm audit` command will exit with a 0 exit code if no vulnerabilities were found. + +If vulnerabilities were found the exit code will depend on the `audit-level` +configuration setting. + ## SEE ALSO * npm-install(1) From fb2305993eed4cb486a11cae83bfaae4feb1e489 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kat=20March=C3=A1n?= Date: Mon, 18 Feb 2019 14:40:34 -0800 Subject: [PATCH 3/3] Update shrinkwrap.js --- lib/shrinkwrap.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js index dbb12b5bd4fba..f19357b8124d6 100644 --- a/lib/shrinkwrap.js +++ b/lib/shrinkwrap.js @@ -111,9 +111,6 @@ function shrinkwrapDeps (deps, top, tree, seen) { var pkginfo = deps[moduleName(child)] = {} var requested = getRequested(child) || child.package._requested || {} pkginfo.version = childVersion(top, child, requested) - if (requested.type === 'git' && child.package._from) { - pkginfo.from = child.package._from - } if (child.fromBundle || child.isInLink) { pkginfo.bundled = true } else {