Add nsp to prepublish hook
Nsp is a tool published by the Node Security team, which scans a project for known and easily recognizable vulnerabilities. For a list of advisories, please check https://nodesecurity.io/advisories Change-Id: I554320d0c4aca86184e03aac853a5a4d9f48fcdd
parent
d53c4d6aa6
commit
0cd80006fd
|
@ -11,6 +11,7 @@
|
|||
var license = require('./lib/component/license');
|
||||
var eslint = require('./lib/component/eslint');
|
||||
var gitignore = require('./lib/component/gitignore');
|
||||
var nsp = require('./lib/component/nsp');
|
||||
|
||||
module.exports = yeoman.Base.extend({
|
||||
|
||||
|
@ -35,6 +36,7 @@
|
|||
.then(license.init) // Licensing
|
||||
.then(eslint.init) // Linting
|
||||
.then(gitignore.init) // Gitignore
|
||||
.then(nsp.init) // NSP
|
||||
.then(function () {
|
||||
done();
|
||||
});
|
||||
|
@ -51,6 +53,7 @@
|
|||
.then(license.prompt) // Licensing
|
||||
.then(eslint.prompt) // Linting
|
||||
.then(gitignore.prompt) // Gitignore
|
||||
.then(nsp.prompt) // NSP
|
||||
.then(function () {
|
||||
done();
|
||||
});
|
||||
|
@ -67,6 +70,7 @@
|
|||
.then(license.configure) // Licensing
|
||||
.then(eslint.configure) // Linting
|
||||
.then(gitignore.configure) // Gitignore
|
||||
.then(nsp.configure) // NSP
|
||||
.then(function () {
|
||||
done();
|
||||
});
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* Copyright (c) 2016 Hewlett Packard Enterprise Development Company, LP
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License. You may obtain
|
||||
* a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
/**
|
||||
* This module adds the Node Security commandline tool (nsp) to the project.
|
||||
* Its job is to identify known vulnerabilities by scanning the projects
|
||||
* source and dependencies.
|
||||
*/
|
||||
(function () {
|
||||
'use strict';
|
||||
|
||||
var projectBuilder = require('../project_builder');
|
||||
var pkgBuilder = require('../pkg_builder');
|
||||
|
||||
/**
|
||||
* No-op placeholder method, for handlers we don't need.
|
||||
*
|
||||
* @param {generator} generator The currently active generator.
|
||||
* @returns {generator} The passed generator, for promise chaining.
|
||||
*/
|
||||
function noop (generator) {
|
||||
return generator;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method configures the package builder with all options necessary
|
||||
* to run nsp.
|
||||
*
|
||||
* @param {generator} generator The currently active generator.
|
||||
* @returns {generator} The passed generator, for promise chaining.
|
||||
*/
|
||||
function promptNsp (generator) {
|
||||
// At this time, we don't actually need to prompt the user.
|
||||
|
||||
// Add the dependencies.
|
||||
pkgBuilder.addDependencies(['nsp'], 'devDependencies');
|
||||
pkgBuilder.addCommand('prepublish', 'nsp check');
|
||||
|
||||
return generator;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure the project by adding required files.
|
||||
*
|
||||
* @param {generator} generator The currently active generator.
|
||||
* @returns {generator} The passed generator, for promise chaining.
|
||||
*/
|
||||
function configureNsp (generator) {
|
||||
projectBuilder.addFile('.nsprc');
|
||||
return generator;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
init: noop,
|
||||
prompt: promptNsp,
|
||||
configure: configureNsp
|
||||
};
|
||||
})();
|
|
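Review bot: `pkgBuilder.addCommand('prepublish', 'nsp check')` in promptNsp ties the vulnerability scan to npm's `prepublish` hook, which on the npm versions of that era also fires on a bare `npm install` in the project directory, so every local and CI install runs `nsp check` and fails whenever the advisory service is unreachable, not only at publish time. The module doc comment describes only the scan, not this install-time side effect; a comment such as `// prepublish also runs on a plain 'npm install', so installs without network access will fail here` above the addCommand call would make the trade-off explicit, and `prepublishOnly` is the narrower hook where the supported npm version provides it. It is not visible from this hunk whether addCommand overwrites a pre-existing prepublish script or whether addDependencies pins a version range for nsp; both are worth confirming in pkg_builder, since what is being wired in is a network-dependent gate that blocks installs. The `.nsprc` template that configureNsp copies into the project is not part of this diff; because that file can carry advisory exceptions, the template should either ship without exceptions or document each one it contains.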
@ -0,0 +1,109 @@
|
|||
/*
|
||||
* Copyright (c) 2016 Hewlett Packard Enterprise Development Company, LP
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License. You may obtain
|
||||
* a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
(function () {
|
||||
'use strict';
|
||||
var libDir = '../../../../generators/app/lib';
|
||||
|
||||
var nsp = require(libDir + '/component/nsp');
|
||||
var projectBuilder = require(libDir + '/project_builder');
|
||||
var pkgBuilder = require(libDir + '/pkg_builder');
|
||||
var mocks = require('../../../helpers/mocks');
|
||||
var mockGenerator;
|
||||
|
||||
describe('generator-openstack:lib/component/nsp', function () {
|
||||
|
||||
beforeEach(function () {
|
||||
mockGenerator = mocks.buildGenerator();
|
||||
projectBuilder.clear();
|
||||
});
|
||||
|
||||
it('should define init, prompt, and configure',
|
||||
function () {
|
||||
expect(typeof nsp.init).toBe('function');
|
||||
expect(typeof nsp.prompt).toBe('function');
|
||||
expect(typeof nsp.configure).toBe('function');
|
||||
});
|
||||
|
||||
describe('init()', function () {
|
||||
it('should return a generator',
|
||||
function () {
|
||||
var outputGenerator = nsp.init(mockGenerator);
|
||||
expect(outputGenerator).toEqual(mockGenerator);
|
||||
});
|
||||
|
||||
it('should do nothing',
|
||||
function () {
|
||||
var spy = spyOn(mockGenerator.config, 'defaults');
|
||||
nsp.init(mockGenerator);
|
||||
expect(spy.calls.any()).toBeFalsy();
|
||||
});
|
||||
});
|
||||
|
||||
describe('prompt()', function () {
|
||||
it('should return a generator',
|
||||
function () {
|
||||
var outputGenerator = nsp.prompt(mockGenerator);
|
||||
expect(outputGenerator).toEqual(mockGenerator);
|
||||
});
|
||||
|
||||
it('should add nsp to dependencies',
|
||||
function () {
|
||||
pkgBuilder.fromJSON('{"devDependencies":{}}');
|
||||
|
||||
var devDeps = pkgBuilder.getValue('devDependencies');
|
||||
expect(devDeps.nsp).not.toBeDefined();
|
||||
|
||||
nsp.prompt(mockGenerator);
|
||||
|
||||
devDeps = pkgBuilder.getValue('devDependencies');
|
||||
expect(devDeps.nsp).toBeDefined();
|
||||
});
|
||||
|
||||
it('should add the prepublish hook to the project',
|
||||
function () {
|
||||
pkgBuilder.fromJSON('{}');
|
||||
|
||||
var scripts = pkgBuilder.getValue('scripts');
|
||||
expect(scripts).not.toBeDefined();
|
||||
|
||||
nsp.prompt(mockGenerator);
|
||||
|
||||
var newScripts = pkgBuilder.getValue('scripts');
|
||||
expect(newScripts.prepublish).toBeDefined();
|
||||
expect(newScripts.prepublish).toEqual('nsp check');
|
||||
});
|
||||
});
|
||||
|
||||
describe('configure()', function () {
|
||||
it('should return a generator',
|
||||
function () {
|
||||
var outputGenerator = nsp.configure(mockGenerator);
|
||||
expect(outputGenerator).toEqual(mockGenerator);
|
||||
});
|
||||
|
||||
it('should add .nsprc to the project files.',
|
||||
function () {
|
||||
nsp.configure(mockGenerator);
|
||||
|
||||
var files = projectBuilder.getIncludedFiles();
|
||||
expect(files.length).toBe(1);
|
||||
expect(files[0].from).toBe('.nsprc');
|
||||
expect(files[0].to).toBe('.nsprc');
|
||||
});
|
||||
});
|
||||
});
|
||||
})();
|
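Review bot: The prompt() tests start from `pkgBuilder.fromJSON('{}')` and `pkgBuilder.fromJSON('{"devDependencies":{}}')`, so neither covers a package.json that already has a `scripts.prepublish` entry, which is the realistic state for an existing project being regenerated and is where the new hook could silently replace a user's script. Whether addCommand merges, chains or overwrites is not visible from this diff, so a test should pin whichever behaviour pkg_builder actually guarantees. The dependency test only asserts `devDeps.nsp` is defined, so it would also pass with an unpinned `*` range; asserting the actual range value would catch that.

```javascript
      it('should not silently drop an existing prepublish script',
        function () {
          pkgBuilder.fromJSON('{"scripts":{"prepublish":"npm test"}}');

          nsp.prompt(mockGenerator);

          var newScripts = pkgBuilder.getValue('scripts');
          // NOTE(review): pin whichever of merge/chain/overwrite pkg_builder actually guarantees
          expect(newScripts.prepublish).toContain('nsp check');
          expect(newScripts.prepublish).toContain('npm test');
        });
```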