Update console output and add some tests

lib/commands/audit.js

@@ -79,45 +79,45 @@ class VerifySignatures {
       this.appendOutput(`${verifiedPrefix}${timing}\n`)
 
       if (this.verified && !verified) {
-        this.appendOutput(
-          `${this.verified} packages have ${this.npm.color ? chalk.bold('verified') : 'verified'}` +
-          ` registry signatures\n`
-        )
+        const verifiedClr = this.npm.color ? chalk.bold('verified') : 'verified'
+        const msg = this.verified === 1 ?
+          `${this.verified} package has a ${verifiedClr} registry signature\n` :
+          `${this.verified} packages have ${verifiedClr} registry signatures\n`
+        this.appendOutput(msg)
       }
 
       if (missing.length) {
+        const logMissing = this.npm.config.get('log-missing-names')
+        const missingClr = this.npm.color ? chalk.bold(chalk.magenta('missing')) : 'missing'
         const msg = missing.length === 1 ?
-          `package has a ${this.npm.color ? chalk.bold(chalk.magenta('missing')) : 'missing'}` +
-          ` registry signature` :
-          `packages have ${this.npm.color ? chalk.bold(chalk.magenta('missing')) : 'missing'}` +
-          ` registry signatures`
+          `package has a ${missingClr} registry signature` :
+          `packages have ${missingClr} registry signatures`
         this.appendOutput(
           `${missing.length} ${msg} but the registry is ` +
-          `providing signing keys${this.npm.config.get('missing') ? ':\n' : ''}`
+          `providing signing keys${logMissing ? ':\n' : ''}`
         )
-        // TODO: This might not be the right option for this
-        if (this.npm.config.get('missing')) {
+        if (logMissing) {
           this.appendOutput(this.humanOutput(missing))
         } else {
-          this.appendOutput(`  run \`npm audit signatures --missing\` for details`)
+          this.appendOutput(`  run \`npm audit signatures --log-missing-names\` for details`)
         }
       }
 
       if (invalid.length) {
+        const invalidClr = this.npm.color ? chalk.bold(chalk.red('invalid')) : 'invalid'
         const msg = invalid.length === 1 ?
-          `package has an ${this.npm.color ? chalk.bold(chalk.red('invalid')) : 'invalid'}` +
-          ` registry signature` :
-          `packages have ${this.npm.color ? chalk.bold(chalk.red('invalid')) : 'invalid'}` +
-          ` registry signatures`
+          `${invalid.length} package has an ${invalidClr} registry signature:\n` :
+          `${invalid.length} packages have ${invalidClr} registry signatures:\n`
         this.appendOutput(
-          `${missing.length ? '\n' : ''}${invalid.length} ${msg}:\n`
+          `${missing.length ? '\n' : ''}${msg}`
         )
         this.appendOutput(this.humanOutput(invalid))
-        const invPlural = invalid.length === 1 ? '' : 's'
-        this.appendOutput(
-          `\nSomeone might have tampered with the package${invPlural} ` +
-          `since it was published on the registry (monster-in-the-middle attack)!\n`
-        )
+        const tamperMsg = invalid.length === 1 ?
+          `\nSomeone might have tampered with this package since it was ` +
+          `published on the registry!\n` :
+          `\nSomeone might have tampered with these packages since they where ` +
+          `published on the registry!\n`
+        this.appendOutput(tamperMsg)
       }
     }
   }
@@ -204,7 +204,7 @@ class VerifySignatures {
     const parsedRegistry = new URL(registry)
     const regKey = `//${parsedRegistry.host}${parsedRegistry.pathname}`
     return {
-      `${regKey}:_keys`: keys
+      [`${regKey}:_keys`]: keys,
     }
   }
 
@@ -369,7 +369,9 @@ class Audit extends ArboristWorkspaceCmd {
       case 'fix':
         return []
       default:
-        throw new Error(argv[2] + ' not recognized')
+        throw Object.assign(new Error(argv[2] + ' not recognized'), {
+          code: 'EUSAGE',
+        })
     }
   }
 
@@ -406,7 +408,15 @@ class Audit extends ArboristWorkspaceCmd {
   }
 
   async auditSignatures () {
-    log.newItem('loading intalled packages')
+    if (this.npm.config.get('global')) {
+      throw Object.assign(
+        new Error('`npm audit signatures` does not support global packages'), {
+          code: 'EAUDITGLOBAL',
+        }
+      )
+    }
+
+    log.newItem('loading intalled dependencies')
     const reporter = this.npm.config.get('json') ? 'json' : 'detail'
     const opts = {
       ...this.npm.flatOptions,

tap-snapshots/test/lib/commands/audit.js.test.cjs

@@ -109,15 +109,15 @@ audited 1 package in 0s
 
 @npmcli/arborist@1.0.14 (https://verdaccio-clone.org)
 
-Someone might have tampered with the package since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with this package since it was published on the registry!
 
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures third-party registry with keys and missing signatures errors > must match snapshot 1`] = `
 audited 1 package in 0s
 
 1 package has a missing registry signature but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures third-party registry with keys and signatures > must match snapshot 1`] = `
@@ -133,13 +133,13 @@ exports[`test/lib/commands/audit.js TAP audit signatures with both invalid and m
 audited 2 packages in xxx
 
 1 package has a missing registry signature but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 
 1 package has an invalid registry signature:
 
 kms-demo@1.0.0
 
-Someone might have tampered with the package since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with this package since it was published on the registry!
 
 `
 
@@ -151,10 +151,10 @@ verified registry signatures, audited 1 package in 0s
 exports[`test/lib/commands/audit.js TAP audit signatures with color output enabled with both valid and missing signatures > must match snapshot 1`] = `
 audited 2 packages in xxx
 
-1 packages have [1mverified[22m registry signatures
+1 package has a [1mverified[22m registry signature
 
 1 package has a missing registry signature but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with color output enabled with invalid signatures > must match snapshot 1`] = `
@@ -164,7 +164,7 @@ audited 1 package in 0s
 
 kms-demo@1.0.0
 
-Someone might have tampered with the package since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with this package since it was published on the registry!
 
 `
 
@@ -176,15 +176,15 @@ audited 2 packages in xxx
 async@1.1.1
 kms-demo@1.0.0
 
-Someone might have tampered with the packages since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with these packages since they where published on the registry!
 
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with color output enabled with multiple missing signatures > must match snapshot 1`] = `
 audited 2 packages in xxx
 
 2 packages have missing registry signatures but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with invalid signatures > must match snapshot 1`] = `
@@ -194,15 +194,15 @@ audited 1 package in 0s
 
 kms-demo@1.0.0
 
-Someone might have tampered with the package since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with this package since it was published on the registry!
 
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with keys but missing signature > must match snapshot 1`] = `
 audited 1 package in 0s
 
 1 package has a missing registry signature but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with multiple invalid signatures > must match snapshot 1`] = `
@@ -213,24 +213,37 @@ audited 2 packages in xxx
 async@1.1.1
 kms-demo@1.0.0
 
-Someone might have tampered with the packages since it was published on the registry (monster-in-the-middle attack)!
+Someone might have tampered with these packages since they where published on the registry!
 
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with multiple missing signatures > must match snapshot 1`] = `
 audited 2 packages in xxx
 
 2 packages have missing registry signatures but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
+`
+
+exports[`test/lib/commands/audit.js TAP audit signatures with multiple valid signatures and one invalid > must match snapshot 1`] = `
+audited 3 packages in xxx
+
+2 packages have verified registry signatures
+
+1 package has an invalid registry signature:
+
+node-fetch@1.6.0
+
+Someone might have tampered with this package since it was published on the registry!
+
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with valid and missing signatures > must match snapshot 1`] = `
 audited 2 packages in xxx
 
-1 packages have verified registry signatures
+1 package has a verified registry signature
 
 1 package has a missing registry signature but the registry is providing signing keys
-  run \`npm audit signatures --missing\` for details
+  run \`npm audit signatures --log-missing-names\` for details
 `
 
 exports[`test/lib/commands/audit.js TAP audit signatures with valid signatures > must match snapshot 1`] = `