@@ -8,7 +8,7 @@ const tufClient = require('@sigstore/tuf')
8 8 9 9
const ArboristWorkspaceCmd = require('../arborist-cmd.js')
10 10
const auditError = require('../utils/audit-error.js')
11 -
const { log } = require('proc-log')
11 +
const { log, output } = require('proc-log')
12 12
const reifyFinish = require('../utils/reify-finish.js')
13 13 14 14
const sortAlphabetically = (a, b) => localeCompare(a.name, b.name)
@@ -65,7 +65,7 @@ class VerifySignatures {
65 65
}
66 66 67 67
if (this.npm.config.get('json')) {
68 -
this.npm.output(JSON.stringify({
68 +
output.standard(JSON.stringify({
69 69
invalid,
70 70
missing,
71 71
}, null, 2))
@@ -77,91 +77,91 @@ class VerifySignatures {
77 77
const auditedPlural = this.auditedWithKeysCount > 1 ? 's' : ''
78 78
const timing = `audited ${this.auditedWithKeysCount} package${auditedPlural} in ` +
79 79
`${Math.floor(Number(elapsed) / 1e9)}s`
80 -
this.npm.output(timing)
81 -
this.npm.output('')
80 +
output.standard(timing)
81 +
output.standard('')
82 82 83 83
const verifiedBold = this.npm.chalk.bold('verified')
84 84
if (this.verifiedSignatureCount) {
85 85
if (this.verifiedSignatureCount === 1) {
86 86
/* eslint-disable-next-line max-len */
87 -
this.npm.output(`${this.verifiedSignatureCount} package has a ${verifiedBold} registry signature`)
87 +
output.standard(`${this.verifiedSignatureCount} package has a ${verifiedBold} registry signature`)
88 88
} else {
89 89
/* eslint-disable-next-line max-len */
90 -
this.npm.output(`${this.verifiedSignatureCount} packages have ${verifiedBold} registry signatures`)
90 +
output.standard(`${this.verifiedSignatureCount} packages have ${verifiedBold} registry signatures`)
91 91
}
92 -
this.npm.output('')
92 +
output.standard('')
93 93
}
94 94 95 95
if (this.verifiedAttestationCount) {
96 96
if (this.verifiedAttestationCount === 1) {
97 97
/* eslint-disable-next-line max-len */
98 -
this.npm.output(`${this.verifiedAttestationCount} package has a ${verifiedBold} attestation`)
98 +
output.standard(`${this.verifiedAttestationCount} package has a ${verifiedBold} attestation`)
99 99
} else {
100 100
/* eslint-disable-next-line max-len */
101 -
this.npm.output(`${this.verifiedAttestationCount} packages have ${verifiedBold} attestations`)
101 +
output.standard(`${this.verifiedAttestationCount} packages have ${verifiedBold} attestations`)
102 102
}
103 -
this.npm.output('')
103 +
output.standard('')
104 104
}
105 105 106 106
if (missing.length) {
107 107
const missingClr = this.npm.chalk.bold(this.npm.chalk.red('missing'))
108 108
if (missing.length === 1) {
109 109
/* eslint-disable-next-line max-len */
110 -
this.npm.output(`1 package has a ${missingClr} registry signature but the registry is providing signing keys:`)
110 +
output.standard(`1 package has a ${missingClr} registry signature but the registry is providing signing keys:`)
111 111
} else {
112 112
/* eslint-disable-next-line max-len */
113 -
this.npm.output(`${missing.length} packages have ${missingClr} registry signatures but the registry is providing signing keys:`)
113 +
output.standard(`${missing.length} packages have ${missingClr} registry signatures but the registry is providing signing keys:`)
114 114
}
115 -
this.npm.output('')
115 +
output.standard('')
116 116
missing.map(m =>
117 -
this.npm.output(`${this.npm.chalk.red(`${m.name}@${m.version}`)} (${m.registry})`)
117 +
output.standard(`${this.npm.chalk.red(`${m.name}@${m.version}`)} (${m.registry})`)
118 118
)
119 119
}
120 120 121 121
if (invalid.length) {
122 122
if (missing.length) {
123 -
this.npm.output('')
123 +
output.standard('')
124 124
}
125 125
const invalidClr = this.npm.chalk.bold(this.npm.chalk.red('invalid'))
126 126
// We can have either invalid signatures or invalid provenance
127 127
const invalidSignatures = this.invalid.filter(i => i.code === 'EINTEGRITYSIGNATURE')
128 128
if (invalidSignatures.length) {
129 129
if (invalidSignatures.length === 1) {
130 -
this.npm.output(`1 package has an ${invalidClr} registry signature:`)
130 +
output.standard(`1 package has an ${invalidClr} registry signature:`)
131 131
} else {
132 132
/* eslint-disable-next-line max-len */
133 -
this.npm.output(`${invalidSignatures.length} packages have ${invalidClr} registry signatures:`)
133 +
output.standard(`${invalidSignatures.length} packages have ${invalidClr} registry signatures:`)
134 134
}
135 -
this.npm.output('')
135 +
output.standard('')
136 136
invalidSignatures.map(i =>
137 -
this.npm.output(`${this.npm.chalk.red(`${i.name}@${i.version}`)} (${i.registry})`)
137 +
output.standard(`${this.npm.chalk.red(`${i.name}@${i.version}`)} (${i.registry})`)
138 138
)
139 -
this.npm.output('')
139 +
output.standard('')
140 140
}
141 141 142 142
const invalidAttestations = this.invalid.filter(i => i.code === 'EATTESTATIONVERIFY')
143 143
if (invalidAttestations.length) {
144 144
if (invalidAttestations.length === 1) {
145 -
this.npm.output(`1 package has an ${invalidClr} attestation:`)
145 +
output.standard(`1 package has an ${invalidClr} attestation:`)
146 146
} else {
147 147
/* eslint-disable-next-line max-len */
148 -
this.npm.output(`${invalidAttestations.length} packages have ${invalidClr} attestations:`)
148 +
output.standard(`${invalidAttestations.length} packages have ${invalidClr} attestations:`)
149 149
}
150 -
this.npm.output('')
150 +
output.standard('')
151 151
invalidAttestations.map(i =>
152 -
this.npm.output(`${this.npm.chalk.red(`${i.name}@${i.version}`)} (${i.registry})`)
152 +
output.standard(`${this.npm.chalk.red(`${i.name}@${i.version}`)} (${i.registry})`)
153 153
)
154 -
this.npm.output('')
154 +
output.standard('')
155 155
}
156 156 157 157
if (invalid.length === 1) {
158 158
/* eslint-disable-next-line max-len */
159 -
this.npm.output(`Someone might have tampered with this package since it was published on the registry!`)
159 +
output.standard(`Someone might have tampered with this package since it was published on the registry!`)
160 160
} else {
161 161
/* eslint-disable-next-line max-len */
162 -
this.npm.output(`Someone might have tampered with these packages since they were published on the registry!`)
162 +
output.standard(`Someone might have tampered with these packages since they were published on the registry!`)
163 163
}
164 -
this.npm.output('')
164 +
output.standard('')
165 165
}
166 166
}
167 167
@@ -463,7 +463,7 @@ class Audit extends ArboristWorkspaceCmd {
463 463
chalk: this.npm.chalk,
464 464
})
465 465
process.exitCode = process.exitCode || result.exitCode
466 -
this.npm.output(result.report)
466 +
output.standard(result.report)
467 467
}
468 468
}
469 469 RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4