Issue 28: Fix code smells (#29)

* Resolved several of the sonarlint issues

* Cleaned up long line

* Resolve SonarQube code smells

* Bumped micro version

* Resolve remaining sonarqube code smells

lib/parse_args.js

@@ -1,16 +1,16 @@
 /**
  * Copyright [2018] [Joseph B. Phillips]
  *
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
@@ -23,6 +23,7 @@ const exec = util.promisify(require('child_process').exec);
 /** The list of valid threshold values */
 const validThresholds = [ 'low', 'moderate', 'high', 'critical' ];
 
+const IGNORE_DEV_DEP = 'ignore-dev-dependencies';
 /**
  * CLI Arguments
  */
@@ -35,7 +36,7 @@ const options = [
     example: "'npm-audit-ci-wrapper --threshold=high' or 'npm-audit-ci-wrapper -t high'"
   },
   {
-    name: 'ignore-dev-dependencies',
+    name: IGNORE_DEV_DEP,
     short: 'p',
     type: 'boolean',
     description: 'Tells the tool to ignore dev dependencies and only fail the build on runtime dependencies which exceed the threshold',
@@ -52,7 +53,7 @@ const options = [
     name: 'registry',
     short: 'r',
     type: 'string',
-    description: 'Submit the dependency report to and get the list of vulnerabilities from this npm registry. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.',
+    description: 'Set an alternate NPM registry server. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.',
     example: "'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'"
   },
   {
@@ -77,19 +78,19 @@ async function check_npm_version() {
 
 /**
  * Parse CLI arguments and extract configuration for application
- * @param {string[]} cli_args 
+ * @param {string[]} cli_args
  */
 function parse_args(cli_args = process.argv) {
   let args = argv.option( options ).run(cli_args);
 
   // Check to see if this script should ignore dev dependencies
-  let ignoreDev = (args.options.hasOwnProperty('ignore-dev-dependencies') && args.options['ignore-dev-dependencies']);
+  let ignoreDev = (args.options.hasOwnProperty(IGNORE_DEV_DEP) && args.options[IGNORE_DEV_DEP]);
 
   // Define which threshold this script should cause a non-zero exit status
   let threshold = validThresholds.indexOf('critical');
 
   if (
-        args.options.hasOwnProperty('threshold') && 
+        args.options.hasOwnProperty('threshold') &&
         validThresholds.indexOf(args.options.threshold.toLocaleLowerCase()) > -1
       ) {
     threshold = validThresholds.indexOf(args.options.threshold.toLocaleLowerCase()); // Set the threshold
@@ -113,4 +114,4 @@ module.exports = {
   'parse_args': parse_args,
   'validThresholds': validThresholds,
   'check_npm_version': check_npm_version
-}
+}

lib/parse_args.test.js

@@ -1,16 +1,16 @@
 /**
  * Copyright [2018] [Joseph B. Phillips]
  *
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
@@ -31,7 +31,7 @@ test('Validate help output', async () => {
   expect(stdout).toContain("'npm-audit-ci-wrapper -p' or 'npm-audit-ci-wrapper --ignore-dev-dependencies'");
   expect(stdout).toContain('Do not fail, just output the filtered JSON data which matches the specified threshold/scope (useful in combination with `npm-audit-html`)');
   expect(stdout).toContain("'npm-audit-ci-wrapper --threshold=high -p --json' or 'npm-audit-ci-wrapper -j'");
-  expect(stdout).toContain('Submit the dependency report to and get the list of vulnerabilities from this npm registry. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.');
+  expect(stdout).toContain('Set an alternate NPM registry server. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.');
   expect(stdout).toContain("'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'");
   expect(stdout).toContain('Whitelist the given dependency at the specified version or all versions (Can be specified multiple times).');
   expect(stdout).toContain("'npm-audit-ci-wrapper -w https-proxy-agent' or 'npm-audit-ci-wrapper -w https-proxy-agent:*' or 'npm-audit-ci-wrapper --whitelist=https-proxy-agent:1.0.0'");

lib/parser.js

@@ -1,16 +1,16 @@
 /**
  * Copyright [2018] [Joseph B. Phillips]
  *
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
@@ -51,7 +51,13 @@ function parse_audit_results(err, stdout, threshold, ignoreDev, json_output = fa
         let libraryVersion = advisory[1].findings[0].version;
         let advisoryOverview = 'https://www.npmjs.com/advisories/' + advisory[0];
         let severity = advisory[1].severity;
-        cli_output += util.format("    %s(%s): %s (%s >= %s)\n", libraryName.padStart(30), libraryVersion.padEnd(20), advisoryOverview.padEnd(50), severity, validThresholds[threshold]);
+        cli_output += util.format(
+                                    "    %s(%s): %s (%s >= %s)\n",
+                                    libraryName.padStart(30),
+                                    libraryVersion.padEnd(20),
+                                    advisoryOverview.padEnd(50),
+                                    severity,
+                                    validThresholds[threshold]);
       });
     }
   }
@@ -70,30 +76,29 @@ function filter_advisories(advisories, ignoreDev, threshold, whitelist = []) {
   const filteredByThreshold = advisories.filter((advisory, idx) => {
     return (!(advisory[1].findings[0].dev && ignoreDev));   // Filter out Dev dependencies when indicated
   });
-  
+
   const filteredByDev = filteredByThreshold.filter((advisory, idx) => {
     return (validThresholds.indexOf(advisory[1].severity) >= threshold);  // Filter out lower severities when indicated
   });
 
-  const filterWhitelist = filteredByDev.filter((advisory, idx) => {
+  return filteredByDev.filter((advisory, idx) => {
     const module_name = advisory[1].module_name;
     const module_version = advisory[1].findings[0].version;
     for (let i = 0; i < whitelist.length; i++) {
-      if (whitelist[i].startsWith(module_name+':') || (whitelist[i] == module_name)) {
+      if (whitelist[i].startsWith(module_name+':') || (whitelist[i] === module_name)) {
         const version = whitelist[i].split(':')[1];   // Module name matches, check the version
-        if (version === undefined || version == '*') {
+        if (version === undefined || version === '*') {
           return false;       // Version was not specified or is a wildcard, so filter out this item
-        } else if (version == module_version) {
+        } else if (version === module_version) {
           return false;       // Version matches specified version, so filter out this item
         }
       }
     }
     return true;
   });
-  return filterWhitelist;
 }
 
 module.exports = {
   parse_audit_results,
   filter_advisories: filter_advisories
-};
+};

lib/parser.test.js

@@ -1,16 +1,16 @@
 /**
  * Copyright [2018] [Joseph B. Phillips]
  *
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 

package.json

@@ -1,17 +1,29 @@
 {
   "name": "npm-audit-ci-wrapper",
-  "version": "2.1.7",
+  "version": "2.1.8",
   "description": "A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins",
-  "keywords": ["npm", "audit", "ci", "security", "dependencies", "jenkins", "travis"],
+  "keywords": [
+    "npm",
+    "audit",
+    "ci",
+    "security",
+    "dependencies",
+    "jenkins",
+    "travis"
+  ],
   "main": "index.js",
   "scripts": {
     "test": "jest --collect-coverage",
     "sonar": "sonar-scanner -Dsonar.host.url=https://sonarcloud.io/ -Dsonar.login=$(cat ~/.sonar_token) -Dsonar.projectVersion=$npm_package_version",
     "stryker": "node_modules/stryker-cli/bin/stryker-cli run"
   },
   "jest": {
-    "testPathIgnorePatterns": ["<rootDir>/.stryker-tmp/"],
-    "testMatch": ["**/?(*.)+(spec|test).[jt]s?(x)"]
+    "testPathIgnorePatterns": [
+      "<rootDir>/.stryker-tmp/"
+    ],
+    "testMatch": [
+      "**/?(*.)+(spec|test).[jt]s?(x)"
+    ]
   },
   "author": "Deven Phillips <deven.phillips@redhat.com>",
   "repository": {