Add npm audit checks for Node.js packages in doctor.py
- Implemented functionality to run `npm audit` for specified Node.js package directories. - Added checks for vulnerabilities, reporting critical, high, and moderate issues. - Enhanced user feedback based on audit results, guiding users on necessary actions for vulnerabilities.
This commit is contained in:
parent
6c86c7c4a9
commit
1b8eb85eeb
1 changed files with 35 additions and 0 deletions
|
|
@ -337,6 +337,41 @@ def run_doctor(args):
|
||||||
else:
|
else:
|
||||||
check_warn("Node.js not found", "(optional, needed for browser tools)")
|
check_warn("Node.js not found", "(optional, needed for browser tools)")
|
||||||
|
|
||||||
|
# npm audit for all Node.js packages
|
||||||
|
if shutil.which("npm"):
|
||||||
|
npm_dirs = [
|
||||||
|
(PROJECT_ROOT, "Browser tools (agent-browser)"),
|
||||||
|
(PROJECT_ROOT / "scripts" / "whatsapp-bridge", "WhatsApp bridge"),
|
||||||
|
]
|
||||||
|
for npm_dir, label in npm_dirs:
|
||||||
|
if not (npm_dir / "node_modules").exists():
|
||||||
|
continue
|
||||||
|
try:
|
||||||
|
audit_result = subprocess.run(
|
||||||
|
["npm", "audit", "--json"],
|
||||||
|
cwd=str(npm_dir),
|
||||||
|
capture_output=True, text=True, timeout=30,
|
||||||
|
)
|
||||||
|
import json as _json
|
||||||
|
audit_data = _json.loads(audit_result.stdout) if audit_result.stdout.strip() else {}
|
||||||
|
vuln_count = audit_data.get("metadata", {}).get("vulnerabilities", {})
|
||||||
|
critical = vuln_count.get("critical", 0)
|
||||||
|
high = vuln_count.get("high", 0)
|
||||||
|
moderate = vuln_count.get("moderate", 0)
|
||||||
|
total = critical + high + moderate
|
||||||
|
if total == 0:
|
||||||
|
check_ok(f"{label} deps", "(no known vulnerabilities)")
|
||||||
|
elif critical > 0 or high > 0:
|
||||||
|
check_warn(
|
||||||
|
f"{label} deps",
|
||||||
|
f"({critical} critical, {high} high, {moderate} moderate — run: cd {npm_dir} && npm audit fix)"
|
||||||
|
)
|
||||||
|
issues.append(f"{label} has {total} npm vulnerability(ies)")
|
||||||
|
else:
|
||||||
|
check_ok(f"{label} deps", f"({moderate} moderate vulnerability(ies))")
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
||||||
# =========================================================================
|
# =========================================================================
|
||||||
# Check: API connectivity
|
# Check: API connectivity
|
||||||
# =========================================================================
|
# =========================================================================
|
||||||
|
|
|
||||||
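Review bot: An audit that cannot run is reported as clean: when `npm audit` fails without producing a vulnerability report (no lockfile in the directory, a registry or network error), stdout is either empty or, as far as I know, an `{"error": ...}` document with no `metadata`, so `vuln_count` becomes `{}`, `total` is 0 and the `check_ok(f"{label} deps", "(no known vulnerabilities)")` branch fires. The `except Exception: pass` at the end of the loop body has the same effect for a timeout, which leaves the directory with no line at all, so a user of `doctor` cannot distinguish "audited and clean" from "audit never ran". I would guard on the presence of `metadata` before trusting the counts and report the failure paths through `check_warn` with a narrowed except clause; also, the `import json as _json` inside the loop belongs at module top with the other imports. `run_doctor` starts and ends outside this hunk, and the existence check on `node_modules` is not what `npm audit` needs (it reads the lockfile), so a directory with installed modules but no lockfile is exactly the case that currently shows as clean.
```python
audit_data = _json.loads(audit_result.stdout) if audit_result.stdout.strip() else {}
if "metadata" not in audit_data:
    check_warn(f"{label} deps", "(npm audit did not produce a report — see: cd {npm_dir} && npm audit)")
    continue
# … unchanged: severity counts and check_ok / check_warn reporting …
except (subprocess.TimeoutExpired, OSError, ValueError):
    check_warn(f"{label} deps", "(npm audit failed or timed out)")
```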