nodesource / ncm-cli

Command-line tool for NodeSource Certified Modules 2.0

report: Skip data item if version doesn't exist #151

Closed Raynos closed 5 years ago

Raynos commented 5 years ago

It's possible for some data from ncm-api to come back as malformed. We do not want to include it in the report.

This allows ncm-cli report to return data from almost all modules, instead of a single bad module in ncm-api causing the entire report to fail.

If the version field is falsey then skip this item and drop it from the report.

Raynos commented 5 years ago

Fixes https://github.com/nodesource/ncm-cli/issues/149

brycebaril commented 5 years ago

Spent 5 minutes looking into adding a test to this PR but it appears that the mock server uses version gating as part of its logic, so I aborted for now.

Fishrock123 commented 5 years ago

This is wrong. Ignore it in the sort if you must.

Fishrock123 commented 5 years ago

At least log something. Anything.

Raynos commented 5 years ago

I've improved handling of bad data from ncm-api.

Instead of skipping the module we set the version to unknown.

The output of report looks like

raynos at raynos-Precision-5530  
~/nodesource/ncm-cli on handle-bad-data*
$ node bin/ncm-cli.js report --long --dir ./test/fixtures/poisoned-project/

╔═════════════════════════╗
║ poisoned-project Report ║
╚═════════════════════════╝

4 packages checked

  ! 0 critical risk
    1 high risk
    0 medium risk
    0 low risk

  ✓ No security vulnerabilities found

  ! 1 noncompliant modules found
    |➔ Run `ncm report --filter=compliance` for a list

─────────────────────────────────────────────────────────────────────────────────────────────────
  Modules
-------------------------------------------------------------------------------------------------
  Module Name                               Risk         License                 Security
┌──────────────────────────────────────────┬────────────┬───────────────────────┬───────────────┐
│ left-pad @ 1.3.0                         │ |||| High  │ X WTFPL               │ ✓ 0           │
│ is-path-in-cwd… @ 0.0.0-UNKNOWN-VERSION  │            │                       │               │
│ is-path-inside @ 2.1.0                   │ |||| None  │ ✓ MIT                 │ ✓ 0           │
│ path-is-inside @ 1.0.2                   │ |||| None  │ ✓ (WTFPL OR MIT)      │ ✓ 0           │
└──────────────────────────────────────────┴────────────┴───────────────────────┴───────────────┘

This reflects that we did find the module and we attempted to compute its score but we print empty because we have no data for that module.
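The two approaches discussed in this thread (dropping a record with no version versus keeping it under a placeholder) can be sketched as follows. This is an added example, not code from ncm-cli or from the PR: `normalizeReport`, the record fields `maxSeverity` and `license`, the sort order and the sample data are assumptions, and only the `0.0.0-UNKNOWN-VERSION` placeholder comes from the output above.

```javascript
// Added example with hypothetical names; not ncm-cli's implementation.
const UNKNOWN_VERSION = '0.0.0-UNKNOWN-VERSION'; // placeholder seen in the report output

// Constructed sample of API data; the second record has no version.
const sampleApiData = [
  { name: 'left-pad', version: '1.3.0', maxSeverity: 3, license: 'WTFPL' },
  { name: 'is-path-in-cwd', version: null },
  { name: 'is-path-inside', version: '2.1.0', maxSeverity: 0, license: 'MIT' },
  { name: 'path-is-inside', version: '1.0.2', maxSeverity: 0, license: '(WTFPL OR MIT)' }
];

function normalizeReport(items, warn = console.warn) {
  const rows = [];
  for (const item of items) {
    if (!item || typeof item.name !== 'string' || item.name === '') {
      // No name to list the record under: it cannot become a row, so say so.
      warn('report: discarding record without a module name');
      continue;
    }
    if (typeof item.version === 'string' && item.version !== '') {
      rows.push({ name: item.name, version: item.version, scored: true,
        maxSeverity: item.maxSeverity ?? 0, license: item.license ?? null });
    } else {
      // Keep the module visible with empty score cells instead of dropping it.
      warn(`report: no version data for ${item.name}, listing as ${UNKNOWN_VERSION}`);
      rows.push({ name: item.name, version: UNKNOWN_VERSION, scored: false,
        maxSeverity: null, license: null });
    }
  }
  // Example ordering: unscored rows first so they get reviewed, then by
  // descending severity, then by name. The comparator never reads a missing field.
  rows.sort((a, b) =>
    (a.scored - b.scored) ||
    ((b.maxSeverity ?? 0) - (a.maxSeverity ?? 0)) ||
    a.name.localeCompare(b.name));
  const unscored = rows.filter((r) => !r.scored).length;
  return { rows, summary: { checked: rows.length, unscored } };
}

console.log(normalizeReport(sampleApiData).summary);
```

Counting unscored modules in the summary keeps a module with no data from being read as a module with no findings.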

kevinswiber commented 5 years ago

@Fishrock123 I believe I resolved all the open issues while @Raynos is out. PTAL.

Fishrock123 commented 5 years ago

Looks good. I will land in the morning if it isn't already by then.

Fishrock123 commented 5 years ago

Landed as https://github.com/nodesource/ncm-cli/commit/ea065b3cba869c9fed04d82271c6828c8f74a795