Package detail

jest-package-audit

xeroxinteractive695MIT5.0.4

Filter and retry yarn/npm audit command with Jest.

jest, matcher, package, audit, npm audit, yarn audit, testing, assertion

readme

jest-package-audit

Filter and retry yarn/npm audit command with Jest.

The yarn audit, and npm audit commands are useful for detecting packages in use that have vulnerabilites. But they don't allow specific package filtering. For example you may have a vulnerability in a package you are only using in development, and the nature of that vulnerability is more often than not only unsafe when used in production. Updating the dependency to fix the vulnerability may break things. That is where jest-package-audit comes in, it wraps the yarn audit and npm audit commands and checks each vulnerabilty they flag against an array of allowed vulnerability names e.g. ['puppeteer'].

Another added benefit of jest-package-audit is the ability to retry tests if they fail. This is useful as the audit endpoints can sometimes timeout out or randomly give 503 HTTP Status codes back. Using jest.retryTimes you can overcome this by retrying say 5 times.

Usage

Important: jest-package-audit only works with Jest >= 23 as it depends on async matchers.

Install jest-package-audit:

yarn add jest-package-audit --dev
# or
npm install jest-package-audit --save-dev

Create a new test file for package auditing: `javascript // audit.test.js import { toPassPackageAudit } from 'jest-package-audit'; expect.extend({ toPassPackageAudit });

jest.retryTimes(5); // Optional jest.setTimeout(15000); // The audit command can take a while...

test('packages do not have vunerabilities', async () => { await expect({/* Input options /}).toPassPackageAudit({ allow: ['puppeteer'] / Output options */ }); });

test('packages do not have vunerabilities using predicate function', async () => { await expect({/* Input options /}).toPassPackageAudit({ allow: (options) => { if (options.packageName === 'puppeteer' && options.packageSeverity === 'low') { return true; } else { return false; } } / Output options */ }); }); `

Options

Input Options

Input options should be passed to the expect function when using toPassPackageAudit, they define how the actual yarn audit or npm audit command is run.

Name	Description	Default
`cwd: (String)`	Current working directory to run the audit command in.	The closest folder with a `package.json` above `jest-package-audit`.
`packageManager ('npm' or 'yarn' or 'pnpm')`	Which package manager to use, this will be auto-detected if not specified, also it will determine how the audit output is parsed when using `command`.	Based on relevant lockfile existance
`level: ('info' or 'low' or 'moderate' or 'high' or 'critical')`	Limit the vulnerabilities to the given level and above. (Note: npm and pnpm does not support `info`, so it will not be passed forward)
`dependencyType: ('dependencies' or 'devDependencies')`	Limit the vulnerabilities to the projects development or production dependencies.
`command (String)`	Custom command to use. This will override the `yarn`, `level` and `dependencyType` options. Use this with caution!

Note: level and dependencyType are passed forward to yarn and npm in their respective formats. Unless, command is specified,

Output Options

Output options should be passed to the toPassPackageAudit function, they define how the output of yarn audit or npm audit is processed.

Name	Description	Default
`allow: (String[] \| (vulnerability: {packageName: string; packageSeverity: string; packageData: Object}) => boolean)`	An array of package names to allow if they have vulnerabilities or a single callback predicate function.	`[]`

Disclaimer

Please be aware that we provide no liability for any security issues, or any other issues for that matter, encountered when using this package. It is provided as open-source software under the MIT license. So please read the source code and make sure you understand the implications of allowing vulnerable modules to pass through the audit commands!

LICENSE | CHANGELOG | ISSUES | CONTRIBUTING

changelog

v5.0.4 (Fri Nov 10 2023)

Fix

Dependencies

Update all non-major dependencies #796 (@renovate[bot])
Update definitelyTyped #794 (@renovate[bot])
Update pnpm to v8.10.0 #795 (@renovate[bot])
Update dependency @types/node to v18.18.7 #793 (@renovate[bot])
Update all non-major dependencies #789 (@renovate[bot])
Update actions/setup-node action to v4 #790 (@renovate[bot])
Update definitelyTyped #788 (@renovate[bot])
Update all non-major dependencies #786 (@renovate[bot])
Update dependency @types/node to v18.18.5 #787 (@renovate[bot])
Update dependency @types/node to v18.18.3 #785 (@renovate[bot])
Update dependency @pnpm/audit to v7.0.16 #784 (@renovate[bot])
Update dependency @types/node to v18.18.0 #783 (@renovate[bot])
Update all non-major dependencies #782 (@renovate[bot])
Update dependency @types/node to v18.17.18 #781 (@renovate[bot])
Update all non-major dependencies #778 (@renovate[bot])
Update definitelyTyped #779 (@renovate[bot])
Update dependency jest to v29.7.0 #780 (@renovate[bot])
Update dependency @types/node to v18.17.14 #776 (@renovate[bot])
Update actions/checkout action to v4 #777 (@renovate[bot])
Update all non-major dependencies #775 (@renovate[bot])
Update dependency jest to v29.6.4 #773 (@renovate[bot])
Update dependency @types/node to v18.17.12 #772 (@renovate[bot])
Update all non-major dependencies #774 (@renovate[bot])
Update definitelyTyped #769 (@renovate[bot])
Update all non-major dependencies #770 (@renovate[bot])
Update dependency @types/node to v18.17.5 #767 (@renovate[bot])
Update all non-major dependencies #768 (@renovate[bot])
Update definitelyTyped #759 (@renovate[bot])
Update all non-major dependencies #761 (@renovate[bot])
Update dependency prettier to v3 #763 (@renovate[bot] @AndrewLeedham)
Update dependency @auto-it/slack to v11 #765 (@renovate[bot])
Update dependency auto to v11 #766 (@renovate[bot])
Update dependency jest to v29.6.2 #764 (@renovate[bot] @AndrewLeedham)
Update dependency jest to v29.6.1 #762 (@renovate[bot] @AndrewLeedham)
Update all non-major dependencies #760 (@renovate[bot] @AndrewLeedham)
Update all non-major dependencies #757 (@renovate[bot])
Update dependency @types/node to v18.16.13 #758 (@renovate[bot])
Update dependency @types/node to v18.16.7 #755 (@renovate[bot])
Update pnpm to v8.5.0 #756 (@renovate[bot])
Update all non-major dependencies #751 (@renovate[bot])
Update definitelyTyped #754 (@renovate[bot])
Update dependency @pnpm/audit to v7 #752 (@renovate[bot])
Update pnpm to v8 #753 (@renovate[bot])
Update dependency @types/node to v18.15.11 #750 (@renovate[bot])
Update definitelyTyped #748 (@renovate[bot])
Update dependency typescript to v5 #749 (@renovate[bot])
Update all non-major dependencies #747 (@renovate[bot])
Update definitelyTyped #746 (@renovate[bot])
Update all non-major dependencies #745 (@renovate[bot])
Update dependency jest to v29.5.0 #744 (@renovate[bot])
Update pnpm to v7.29.1 #743 (@renovate[bot])
Update dependency @types/node to v18.14.6 #741 (@renovate[bot])
Update all non-major dependencies #742 (@renovate[bot])
Update dependency @types/node to v18.14.1 #739 (@renovate[bot])
Update all non-major dependencies to v10.42.2 #740 (@renovate[bot])
Update all non-major dependencies #738 (@renovate[bot])
Update all non-major dependencies #735 (@renovate[bot])
Update dependency jest to v29.4.3 #737 (@renovate[bot])
Update all non-major dependencies #733 (@renovate[bot])
Update dependency jest to v29.4.2 #732 (@renovate[bot])
Update dependency @types/node to v18.13.0 #734 (@renovate[bot])
Update dependency jest to v29.4.1 #731 (@renovate[bot])
Update all non-major dependencies #730 (@renovate[bot])
Update dependency jest to v29.4.0 #729 (@renovate[bot])
Update dependency @types/jest to v29.4.0 #728 (@renovate[bot])
Update dependency @types/jest to v29.2.6 #727 (@renovate[bot])
Update all non-major dependencies #726 (@renovate[bot])
Update all non-major dependencies #725 (@renovate[bot] @AndrewLeedham)

Authors: 2

@renovate[bot]
Andrew Leedham (@AndrewLeedham)

v5.0.3 (Wed Jan 04 2023)

Fix

Dependencies

Update dependency eslint to v8.31.0 #723 (@renovate[bot])
Update definitelyTyped #722 (@renovate[bot] @AndrewLeedham)
Update all non-major dependencies #721 (@renovate[bot])
Update dependency @types/node to v18.11.17 #720 (@renovate[bot])
Update dependency @types/node to v18.11.15 #719 (@renovate[bot])
@pnpm/audit 6.0.3 #718 (@AndrewLeedham)
Update all non-major dependencies #717 (@renovate[bot])
Update definitelyTyped #716 (@renovate[bot])
Update all non-major dependencies #715 (@renovate[bot])

Authors: 2

@renovate[bot]
Andrew Leedham (@AndrewLeedham)

v5.0.2 (Thu Dec 01 2022)

Fix

Authors: 1

Andrew Leedham (@AndrewLeedham)

v5.0.1 (Thu Dec 01 2022)

Fix

Move @pnpm/audit to deps #712 (@AndrewLeedham)

Dependencies

Update dependency @types/node to v18.11.10 #711 (@renovate[bot])
Update all non-major dependencies #709 (@renovate[bot])
Update dependency @pnpm/audit to v5.0.2 #708 (@renovate[bot])
Update dependency @types/jest to v29.2.3 #707 (@renovate[bot])
Update all non-major dependencies #706 (@renovate[bot])
Update dependency jest to v29.3.1 #705 (@renovate[bot])
Update dependency @types/jest to v29.2.2 #704 (@renovate[bot])
Update all non-major dependencies #703 (@renovate[bot])
Update definitelyTyped #702 (@renovate[bot])
Update dependency @types/node to v18.11.8 #701 (@renovate[bot])
Update dependency @pnpm/audit to v5 #699 (@renovate[bot])
Update dependency @types/node to v18 #700 (@renovate[bot])
Update all non-major dependencies #695 (@renovate[bot])
Update dependency jest to v29.2.2 #696 (@renovate[bot])
Update dependency @types/node to v16.18.1 #697 (@renovate[bot])
Update Node.js to v18 #698 (@renovate[bot])
Update dependency @pnpm/audit to v4 #694 (@renovate[bot])
Update dependency jest to v29.2.1 #693 (@renovate[bot])
Update definitelyTyped #692 (@renovate[bot])
Update definitelyTyped #691 (@renovate[bot])
Update all non-major dependencies #690 (@renovate[bot])
Update definitelyTyped #689 (@renovate[bot])
Update dependency jest to v29.1.2 #688 (@renovate[bot])
Update all non-major dependencies #687 (@renovate[bot])
Update dependency jest to v29.1.1 #686 (@renovate[bot])
Update dependency @types/node to v16.11.62 #684 (@renovate[bot])
Update all non-major dependencies #685 (@renovate[bot])
Update dependency @types/jest to v29.0.3 #683 (@renovate[bot] @AndrewLeedham)
Update all non-major dependencies #682 (@renovate[bot])
Update dependency ts-jest to v29 #681 (@renovate[bot])
Update dependency jest to v29.0.3 #680 (@renovate[bot])
Update definitelyTyped #679 (@renovate[bot])
Update all non-major dependencies #678 (@renovate[bot])
Update dependency @types/node to v16.11.58 #676 (@renovate[bot])
Update dependency jest to v29.0.2 #677 (@renovate[bot])
Update dependency @types/jest to v29 #674 (@renovate[bot])
Update dependency jest to v29 #675 (@renovate[bot])
Update dependency @antfu/ni to v0.18.0 #673 (@renovate[bot])
Update definitelyTyped #671 (@renovate[bot])
Update all non-major dependencies #672 (@renovate[bot])
Update all non-major dependencies #668 (@renovate[bot])
Update definitelyTyped #667 (@renovate[bot])
Update dependency @pnpm/audit to v3.1.6 #666 (@renovate[bot])
Update all non-major dependencies #664 (@renovate[bot])
Update dependency @types/node to v16.11.47 #665 (@renovate[bot])
Update all non-major dependencies #663 (@renovate[bot])

Authors: 2

@renovate[bot]
Andrew Leedham (@AndrewLeedham)

v5.0.0 (Wed Jul 20 2022)

Breaking Change

Support PNPM #661 (@AndrewLeedham)

Feature

Support NPM Report v2 + Semantic-release -> Auto #596 (@AndrewLeedham)

Fix

Configure Renovate #595 (@renovate-bot @AndrewLeedham @renovate[bot])
Bump #597 (@AndrewLeedham)

Dependencies

Update all non-major dependencies #659 (@renovate[bot])
Update definitelyTyped #660 (@renovate[bot])
Update dependency @types/node to v16.11.44 #658 (@renovate[bot])
Update dependency jest to v28.1.3 #657 (@renovate[bot])
Update dependency @types/jest to v28.1.5 #656 (@renovate[bot])
Update dependency eslint to v8.19.0 #655 (@renovate[bot])
Update definitelyTyped #654 (@renovate[bot])
Update dependency jest to v28.1.2 #653 (@renovate[bot])
Update dependency @types/jest to v28.1.3 #651 (@renovate[bot])
Update all non-major dependencies #652 (@renovate[bot])
Update definitelyTyped #650 (@renovate[bot])
Update all non-major dependencies #649 (@renovate-bot @renovate[bot])
Update all non-major dependencies #647 (@renovate-bot @renovate[bot])
Update dependency @types/jest to v28 #648 (@renovate-bot @renovate[bot])
Update dependency jest to v28.1.1 #646 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.39 #645 (@renovate-bot @renovate[bot])
Update dependency @types/jest to v27.5.2 #644 (@renovate-bot @renovate[bot])
Update all non-major dependencies #642 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.38 #643 (@renovate-bot @renovate[bot])
Update dependency jest to v28.1.0 #641 (@renovate-bot @renovate[bot])
Update definitelyTyped #639 (@renovate-bot @renovate[bot])
Update all non-major dependencies #640 (@renovate-bot @renovate[bot])
Update dependency typescript to v4.6.4 #637 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.33 #638 (@renovate-bot @renovate[bot])
Update jest monorepo (major) #636 (@renovate-bot @AndrewLeedham @renovate[bot])
Update dependency @types/node to v16.11.31 #634 (@renovate-bot @renovate[bot])
Update dependency eslint to v8.14.0 #635 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.27 #633 (@renovate-bot @renovate[bot])
Update all non-major dependencies #632 (@renovate-bot @renovate[bot])
Update dependency prettier to v2.6.2 #631 (@renovate-bot @renovate[bot])
Update all non-major dependencies #630 (@renovate-bot @renovate[bot])
Update all non-major dependencies #629 (@renovate-bot @renovate[bot])
Update all non-major dependencies to v10.34.1 #628 (@renovate-bot @renovate[bot])
Update dependency @xerox/prettier-config to v4 #627 (@renovate-bot @renovate[bot])
Update dependency @xerox/eslint-config to v5 #626 (@renovate-bot @renovate[bot])
Update actions/setup-node action to v3 #625 (@renovate-bot @renovate[bot])
Update actions/checkout action to v3 #624 (@renovate-bot @renovate[bot])
Update all non-major dependencies #623 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.26 #622 (@renovate-bot @renovate[bot])
Update dependency @xerox/eslint-config to v4.1.1 #621 (@renovate-bot @renovate[bot])
Update dependency @types/jest to v27.4.1 #620 (@renovate-bot @renovate[bot])
Update dependency eslint to v8.9.0 #619 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.25 #618 (@renovate-bot @renovate[bot])
Update jest monorepo to v27.5.1 #617 (@renovate-bot @renovate[bot])
Update dependency eslint to v8.8.0 #616 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.22 #615 (@renovate-bot @renovate[bot])
Update dependency @xerox/eslint-config to v4.1.0 #614 (@renovate-bot @AndrewLeedham @renovate[bot])
Update all non-major dependencies #613 (@renovate-bot @renovate[bot])
Update dependency @types/node to v16.11.21 #612 (@renovate-bot @renovate[bot])
Update all non-major dependencies #611 (@renovate-bot @renovate[bot])
Update definitelyTyped (major) #610 (@renovate-bot @renovate[bot])
Update jest monorepo (major) #607 (@renovate-bot @renovate[bot])
Update definitelyTyped #608 (@renovate-bot @renovate[bot])
Update Node.js to v16 #609 (@renovate-bot @renovate[bot])
Update dependency eslint to v8 #604 (@renovate-bot @renovate[bot])
Update all non-major dependencies #601 (@renovate-bot @AndrewLeedham @renovate[bot])
Pin dependencies #599 (@renovate-bot @renovate[bot])
Pin dependencies #600 (@renovate-bot @renovate[bot])

Authors: 3

@renovate[bot]
Andrew Leedham (@AndrewLeedham)
WhiteSource Renovate (@renovate-bot)

4.0.1 (2022-01-05)

Bug Fixes

allow checking pass condition (5011f91)

4.0.0 (2022-01-05)

Open up node version range + dependency updates + allow function + Node 14/16 + JSON output parsing (#523) (43a1edb), closes #523 #588 #589

Bug Fixes

linting issues (689cff7)
open up node versions (5ebfeb0)

Features

allow function + parse JSON output (#588) (6499e62)

BREAKING CHANGES

Node.js > 14 now required.

Co-authored-by: luxtron rafael.almeria@xerox.com

Node.js > 14 now required.

Co-authored-by: luxtron rafael.almeria@xerox.com

3.2.0 (2020-10-27)

Features

node 14 support (fb981e2)

3.1.2 (2020-07-31)

3.1.1 (2020-07-03)

Bug Fixes

manually filter severity levels (8da14ae)

3.1.0 (2020-07-02)

Bug Fixes

make toPassPackageAudit type asynchronous (72c1b0c)

Features

add yarn, level and dependencyType options (d493199)
automatically switch between yarn and npm (c9bf19b)

3.0.2 (2020-06-30)

Bug Fixes

add regex support for plain report tables (9316d9d)
clamp whitespace checking (cba4a37)

3.0.1 (2020-05-16)

Bug Fixes

add jest as peer dependency + jest 26 (38e31ca)

3.0.0 (2020-03-24)

chore

remove xerox prefix (573f2e5)

BREAKING CHANGES

@xerox/ prefix removed from npm package going forward

2.0.5 (2019-12-13)

2.0.4 (2019-11-18)

2.0.3 (2019-11-05)

Bug Fixes

types: match new jest typings (7a64df3)

2.0.2 (2019-08-28)

Bug Fixes

allow exit code 2 (209ceb5)

2.0.1 (2019-07-17)

Bug Fixes

16000+ vulnerabilities (03f8b62)

2.0.0 (2019-07-11)

Features

move to xerox org (a32e34e)

BREAKING CHANGES

npm module name changed from browserslist-browserstack to @xerox/browserslist-browserstack

1.0.4 (2019-06-19)

Bug Fixes

remove circleci-bin due to windows compat (7160cbc)

1.0.3 (2019-05-24)

Bug Fixes

allow filtering + better exit code handling (85406d7)

1.0.2 (2019-05-23)

Code Refactoring

single file exports matcher (5ac17da)

BREAKING CHANGES

toPassPackageAudit is no longer automatically extended onto jest, using setupFilesAfterEnv will no longer work.

1.0.1 (2019-05-22)

Bug Fixes

use cross-spawn for windows compat (0cf82c3)
windows cross-spawn mocking (219c576)

1.0.0 (2019-05-21)

Bug Fixes

exit code 8 (3817c9d)
audit: more timeout I guess (4d4ec6e)
matcher: output error in message (464a5aa)
package: v0.0.0 (0fa7df3)

Features

initial implementation (7de24fc)
log error if jest can’t be extended (9e2503d)