test: support "exclude" and "ignore" CLI options for yarn npm audit…

… command
antongolub · Oct 26, 2024 · 2aaa104 · 2aaa104
1 parent 89cb5dc
commit 2aaa104
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/src/main/ts/cli.ts b/src/main/ts/cli.ts
@@ -34,6 +34,12 @@ const flags = new Command()
     'Get an idea of what audit fix will do',
     env.YAF_DRY_RUN,
   )
+  .option(
+    '--exclude <path>',
+    'Array of glob patterns of packages to exclude from audit',
+    parseMultipleValueArg,
+    env.YAF_EXCLUDE,
+  )
   .addOption(
     new Option('--flow [flow]', 'Define how `yarn.lock` is modified')
       .choices(['convert', 'patch'])
@@ -44,6 +50,12 @@ const flags = new Command()
     'Have audit fix install semver-major updates to toplevel dependencies, not just semver-compatible ones',
     env.YAF_FORCE,
   )
+  .option(
+    '--ignore <id>',
+    'Array of glob patterns of advisory IDs to ignore in the audit report',
+    parseMultipleValueArg,
+    env.YAF_IGNORE,
+  )
   .option(
     '--ignore-engines [bool]',
     'Ignore engines check',

diff --git a/src/main/ts/stages.ts b/src/main/ts/stages.ts
@@ -68,6 +68,14 @@ export const printRuntimeDigest: TCallback = ({
     )
   }
 
+  // NOTE yarn > v3.3.0 fixed plugin-npm-cli minor compatibility
+  // https://github.com/yarnpkg/berry/pull/4356#issuecomment-1316653931
+  if (semver.gt('3.3.0', versions.yarn) && (flags.exclude || flags.ignore)) {
+    console.warn(
+      `This project yarn version ${versions.yarn} doesn't support the 'exclude' and 'ignore' flags. Please upgrade to yarn 3.3.0 or higher to use those flags`,
+    )
+  }
+
   if (semver.gt(versions.yafLatest, versions.yaf)) {
     console.warn(
       `yarn-audit-fix version ${versions.yaf} is out of date. Install the latest ${versions.yafLatest} for better results`,