Update parse-npm-vulnerabilities.cjs

bcgov · Jul 12, 2024 · 44bd305 · 44bd305
1 parent 39b5d75
commit 44bd305
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs b/.github/helpers/npm-audit/parse-npm-vulnerabilities.cjs
@@ -1,11 +1,14 @@
-const enhanceVulnerabilityList = require('./enhance-vulnerability-list.cjs');
-const findIndirectVulnerableDependencies = require('./find-indirect-vulnerable-deps.cjs');
-const runNpmAudit = require('./run-npm-audit.cjs');
+const enhanceVulnerabilityList = require("./enhance-vulnerability-list.cjs");
+const findIndirectVulnerableDependencies = require("./find-indirect-vulnerable-deps.cjs");
+const runNpmAudit = require("./run-npm-audit.cjs");
+const { execSync } = require("child_process");
+const path = require("path");
+const fs = require("fs");
 
 // Requires semver dependency to run.
 
 const LOCAL_TEST = false;
-const TEST_DIR_PATHS = ['.'];
+const TEST_DIR_PATHS = ["."];
 
 /**
  * THIS FILE DOES NOT REQUIRE ANY EDITING.
@@ -19,25 +22,36 @@ const TEST_DIR_PATHS = ['.'];
  */
 
 // Get directory paths from env.
-const directoryPaths = LOCAL_TEST ? TEST_DIR_PATHS : JSON.parse(process.env.directoryPaths);
+const directoryPaths = LOCAL_TEST
+  ? TEST_DIR_PATHS
+  : JSON.parse(process.env.directoryPaths);
 
 // Save results to json.
 let results = {};
 
 (async () => {
   // Create an array of promises for each dirPath.
   const promises = directoryPaths.map(async (dirPath) => {
+    const resolvedPath = path.resolve(__dirname, `../../../${dirPath}`);
+    execSync("npm i", { cwd: resolvedPath });
+
+    if (!fs.existsSync(path.join(resolvedPath, "package-lock.json"))) {
+      console.error(`package-lock.json not found in ${resolvedPath}`);
+      return;
+    }
+
     try {
       const auditResult = await runNpmAudit(dirPath);
-      const auditResultWithParentDeps = await findIndirectVulnerableDependencies(
-        auditResult,
-        dirPath,
+      const auditResultWithParentDeps =
+        await findIndirectVulnerableDependencies(auditResult, dirPath);
+      const summary = await enhanceVulnerabilityList(
+        auditResultWithParentDeps,
+        dirPath
       );
-      const summary = await enhanceVulnerabilityList(auditResultWithParentDeps, dirPath);
 
       results[dirPath] = summary;
     } catch (error) {
-      console.error('Error enhancing vulnerabilities:', error);
+      console.error("Error enhancing vulnerabilities:", error);
     }
   });