audit: respect production flag in audit and install

yarnpkg · Nov 27, 2018 · 58f9d6b · 58f9d6b
1 parent d817134
commit 58f9d6b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/src/cli/commands/audit.js b/src/cli/commands/audit.js
@@ -130,7 +130,8 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
     workspaceLayout,
   });
 
-  const vulnerabilities = await audit.performAudit(manifest, install.resolver, install.linker, patterns);
+  const {production} = config;
+  const vulnerabilities = await audit.performAudit(manifest, install.resolver, install.linker, patterns, production);
   const totalVulnerabilities =
     vulnerabilities.info +
     vulnerabilities.low +
@@ -178,7 +179,11 @@ export default class Audit {
     }
   }
 
-  _mapHoistedTreesToAuditTree(manifest: Object, hoistedTrees: HoistedTrees): AuditTree {
+  _mapHoistedTreesToAuditTree(manifest: Object, hoistedTrees: HoistedTrees, production: boolean): AuditTree {
+    let requires = Object.assign({}, manifest.dependencies || {});
+    if (!production) {
+      requires = Object.assign(requires, manifest.devDependencies || {}, manifest.optionalDependencies || {});
+    }
     const auditTree: AuditTree = {
       name: manifest.name || undefined,
       version: manifest.version || undefined,
@@ -187,12 +192,7 @@ export default class Audit {
       metadata: {
         //TODO: What do we send here? npm sends npm version, node version, etc.
       },
-      requires: Object.assign(
-        {},
-        manifest.dependencies || {},
-        manifest.devDependencies || {},
-        manifest.optionalDependencies || {},
-      ),
+      requires,
       integrity: undefined,
       dependencies: {},
     };
@@ -248,10 +248,11 @@ export default class Audit {
     resolver: PackageResolver,
     linker: PackageLinker,
     patterns: Array<string>,
+    production: boolean,
   ): Promise<AuditVulnerabilityCounts> {
     this._insertWorkspacePackagesIntoManifest(manifest, resolver);
     const hoistedTrees = await hoistedTreeBuilder(resolver, linker, patterns);
-    const auditTree = this._mapHoistedTreesToAuditTree(manifest, hoistedTrees);
+    const auditTree = this._mapHoistedTreesToAuditTree(manifest, hoistedTrees, production);
     this.auditData = await this._fetchAudit(auditTree);
     return this.auditData.metadata.vulnerabilities;
   }

diff --git a/src/cli/commands/install.js b/src/cli/commands/install.js
@@ -612,6 +612,7 @@ export class Install {
             this.resolver,
             this.linker,
             topLevelPatterns,
+            !!this.config.production,
           );
           auditFoundProblems =
             auditVulnerabilityCounts.info ||