From f9f180de9891468525f11765608b9a3fd7d8490b Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Mon, 21 May 2018 11:28:04 +0200 Subject: [PATCH] feat: support for npm audit fix #689 it is dissabled and commented out by default --- README.md | 4 ++++ conf/default.yaml | 5 +++++ conf/full.yaml | 5 +++++ package.json | 1 + yarn.lock | Bin 374188 -> 375813 bytes 5 files changed, 15 insertions(+) diff --git a/README.md b/README.md index 100d4ee63..2000814d4 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,10 @@ Verdaccio aims to support all features of a standard npm client that make sense - Starring (npm star, npm unstar) - not supported, doesn't make sense in private registry - Ping (npm ping) - **supported** +### Security + +- npm audit - **supported** + ## FAQ / Contact / Troubleshoot If you have any issue you can try the following options, do no desist to ask or check our issues database, perhaps someone has asked already what you are looking for. diff --git a/conf/default.yaml b/conf/default.yaml index 43e071c49..b91fd7cfe 100644 --- a/conf/default.yaml +++ b/conf/default.yaml @@ -43,6 +43,11 @@ packages: # if package is not available locally, proxy requests to 'npmjs' registry proxy: npmjs +# To use `npm audit` comment out the following section +#middlewares: +# audit: +# enabled: true + # log settings logs: - {type: stdout, format: pretty, level: http} diff --git a/conf/full.yaml b/conf/full.yaml index 4fe9db429..b9de76ff4 100644 --- a/conf/full.yaml +++ b/conf/full.yaml @@ -16,6 +16,11 @@ auth: # You can set this to -1 to disable registration. #max_users: 1000 +# Experimental built-in middlewares +#middlewares: +# audit: +# enabled: true + # a list of other known repositories we can talk to uplinks: npmjs: diff --git a/package.json b/package.json index e90b80aee..eea19cf3c 100644 --- a/package.json +++ b/package.json 
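Review bot: The comment added in the conf/default.yaml hunk tells the operator to "comment out the following section", but the `#middlewares:` block is already commented out, so the instruction is inverted. It should read `# To use npm audit, uncomment the following section`. Neither that comment nor `# Experimental built-in middlewares` in the conf/full.yaml hunk says where audit requests go once `enabled: true` is set. If the plugin forwards them to a public upstream (not visible in this patch, so confirm against verdaccio-audit), the dependency tree of private projects leaves the host. A one-line comment stating the destination would let operators make that choice knowingly.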
@@ -45,6 +45,7 @@ "pkginfo": "0.4.1", "request": "2.85.0", "semver": "5.5.0", + "verdaccio-audit": "0.0.3", "verdaccio-htpasswd": "0.2.2" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 576a7a9d4eae9c936484328ba7d58c0fb6facdb8..e4a8f40052d937f4a60994915da976a7d3a72328 100644 GIT binary patch delta 680 zcmZ`%OKa3X048ac-4qH^WZl*W)2)JsWICBw5+AU5Qm97}JUNq0*2UVa*>trY7Dc27 zFN)wGKEQ*QBIrTQMfNCq&_7b}CU`WPT@O9<`tk97e2@2g%}0Nm_dglRUWvEezQ_hD z>v+%$AUQJ+z))p_Ub+d|6G%UpGaQW?#tDbOynAnzNgQG?43Z>{86%PilwcIA7_kt` zknxbQD9|epYb|}UYc1+8%jU8kH;m(Y^v$a4Q$MW57HOA00Q91CbLejLas}E5Qi%0O zZUXJtMx%+RluX=lWg2gTHiiTeJw9f(cBE|-(l+<>VF%pE^S-OHEX@X;kq0>>#pSo= zIlEB_5(n&zcFkh6JNNEGokIq(0}61>y1H<5rrfE7_XWrL(5srOzb979ou>9A!BjWaN1?h&YqdPq-2&(offoBa_&xO9w?H#r3W=M1o+>XoLb!uqdIJOPNR}6Q;#!YpMA9()w%^k6&9Ce%Wy^ z?;wcE-s;b5XZ6pG+WbYaRibO|S~+tpqNta;72;OB$}IMMN+iNK;7LGP%w#|%r3i_D z`aI+u36Eg?WZh_8nQSw=(DX2H7CcIC^)og2|0EyI232<}7_=$$%CTlEtJ_;@kWWUQ Mv{H<3)_!052Q6#E2LJ#7 delta 71 zcmV-N0J#5!_!g||7J#$?WeJDp3IVt03Igbtm$RV)5x4ZB0xJoJGOPl(GOPoduea7) d1XK;TA!-C)Hn$z41ozFCd~yW|w=Z%9)=5}A9mN0u
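Review bot: `"verdaccio-audit": "0.0.3"` is added to the runtime dependency block (the one that closes just before `devDependencies`), so the plugin ships with every install even though both config hunks leave it disabled. The matching yarn.lock change arrives as a GIT binary patch, so the resolved versions and any transitive packages it pulls in cannot be reviewed from this page. Before merging, diff the lockfile as text (`git diff --text -- yarn.lock`) and confirm the roughly 1.6 KB delta contains only verdaccio-audit and its expected dependencies. Consider also whether a 0.0.x plugin belongs in the default install, or should be installed by operators who enable it.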