GoogleChrome · paulirish · May 18, 2018 · May 1, 2018 · May 18, 2018 · May 18, 2018
diff --git a/lighthouse-core/scripts/cleanup-vuln-snapshot.js b/lighthouse-core/scripts/cleanup-vuln-snapshot.js
@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+
+/**
+ * @license Copyright 2018 Google Inc. All Rights Reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+'use strict';
+
+/** @fileoverview Read in the snyk snapshot, remove whatever we don't need, write it back */
+
+const {readFileSync, writeFileSync} = require('fs');
+const prettyJSONStringify = require('pretty-json-stringify');
+
+const filename = process.argv[2];
+if (!filename) throw new Error('No filename provided.');
+
+const data = readFileSync(filename, 'utf8');
+const output = cleanAndFormat(data);
+JSON.parse(output); // make sure it's parseable
+writeFileSync(filename, output, 'utf8');
+
+/** @typedef {import('../audits/dobetterweb/no-vulnerable-libraries.js').SnykDB} SnykDB */
+
+/**
+ * @param {string} vulnString
+ * @return {string}
+ */
+function cleanAndFormat(vulnString) {
+  const snapshot = /** @type {!SnykDB} */ (JSON.parse(vulnString));
+  for (const libEntries of Object.values(snapshot.npm)) {
+    libEntries.forEach((entry, i) => {
+      const pruned = {
+        id: entry.id,
+        severity: entry.severity,
+        semver: {vulnerable: entry.semver.vulnerable},
+      };
+
+      libEntries[i] = pruned;
+    });
+  }
+
+  // Normal pretty JSON-stringify has too many newlines. This strikes the right signal:noise ratio
+  return prettyJSONStringify(snapshot, {
+    tab: '  ',
+    spaceBeforeColon: '',
+    spaceAfterColon: '',
+    spaceAfterComma: '',
+    spaceInsideObject: '',
+    shouldExpand: (_, level) => level < 3,
+  });
+}
diff --git a/lighthouse-core/scripts/update-vuln-snapshot.sh b/lighthouse-core/scripts/update-vuln-snapshot.sh
@@ -11,3 +11,4 @@
 url="https://snyk.io/partners/api/v2/vulndb/clientside.json"
 
 wget "$url" -O snyk-snapshot.json && mv snyk-snapshot.json ./third-party/snyk/snapshot.json
+node ./lighthouse-core/scripts/cleanup-vuln-snapshot.js ./third-party/snyk/snapshot.json
diff --git a/package.json b/package.json
@@ -95,6 +95,7 @@
     "npm-run-posix-or-windows": "^2.0.2",
     "nyc": "^11.6.0",
     "postinstall-prepare": "^1.0.1",
+    "pretty-json-stringify": "^0.0.2",
     "puppeteer": "1.4.0",
     "sinon": "^2.3.5",
     "typescript": "2.9.1-insiders.20180516",

diff --git a/third-party/snyk/snapshot.json b/third-party/snyk/snapshot.json
diff --git a/typings/pretty-json-stringify/index.d.ts b/typings/pretty-json-stringify/index.d.ts
@@ -0,0 +1,20 @@
+/**
+ * @license Copyright 2018 Google Inc. All Rights Reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+
+declare module 'pretty-json-stringify' {
+  interface Params {
+    tab?: string;
+    spaceBeforeColon?: string;
+    spaceAfterColon?: string;
+    spaceAfterComma?: string;
+    spaceInsideObject?: string;
+    spaceInsideArray?: string;
+    shouldExpand?(obj: Object, level: number, index: string): Boolean;
+  }
+
+  function stringify(object: Object, params: Params): string;
+  export = stringify;
+}
diff --git a/yarn.lock b/yarn.lock
@@ -3989,6 +3989,10 @@ pretty-hrtime@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.2.tgz#70ca96f4d0628a443b918758f79416a9a7bc9fa8"
 
+pretty-json-stringify@^0.0.2:
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/pretty-json-stringify/-/pretty-json-stringify-0.0.2.tgz#dc0f1dbeab6bc1ab15f40d4cce4f38b75b17a334"
+
 prettycli@^1.4.3:
   version "1.4.3"
   resolved "https://registry.yarnpkg.com/prettycli/-/prettycli-1.4.3.tgz#b28ec2aad9de07ae1fd75ef294fb54cbdee07ed5"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,3 +11,4 @@
		url="https://snyk.io/partners/api/v2/vulndb/clientside.json"

		wget "$url" -O snyk-snapshot.json && mv snyk-snapshot.json ./third-party/snyk/snapshot.json
		node ./lighthouse-core/scripts/cleanup-vuln-snapshot.js ./third-party/snyk/snapshot.json