#!/bin/bash

# Print the pkgjs-audit help text (synopsis, purpose, copyright and licence)
# on standard output.
usage() {
	printf '%s\n' \
		'Usage: pkgjs-audit' \
		'' \
		'pkgjs-audit builds a temporary package-lock.json file using devDependencies' \
		'and launches a "npm audit" with it. This permits one to check vulnerabilities' \
		'in case of bundled package.' \
		'' \
		'Copyright (C) 2022 Xavier Guimard <yadd@debian.org>' \
		'' \
		'Licensed under GPL-2+ (see /usr/share/common-licenses/GPL-2)'
}
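# Print the value of $VERSION obtained by loading the Debian::PkgJs::Version
# Perl module, followed by a newline.
# Outputs:  the version string on stdout
# Returns:  0 on success; perl's exit status when the one-liner fails (for
#           example when the module cannot be loaded), in which case nothing
#           is printed instead of an empty line reported as success.
version() {
	local pkgjs_version
	# Declaration and assignment are kept apart so that perl's exit status is
	# not hidden behind the status of 'local'.
	pkgjs_version=$(perl -MDebian::PkgJs::Version -e 'print $VERSION') || return
	printf '%s\n' "$pkgjs_version"
}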

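# Command-line handling. "--version" and -v print the version, -h prints the
# help text; each of them ends the script before any file is touched.
if [[ "${1-}" == "--version" ]]; then
	version
	exit
fi
# The leading ':' puts getopts in silent mode: for an option that is not in
# the list, opt is set to '?' and the rejected letter is placed in OPTARG, so
# the error message can name it instead of printing a bare '?'.
while getopts ':vh' opt; do
	case "$opt" in
		h)
			usage
			exit
			;;
		v)
			version
			exit
			;;
		*)
			printf 'Unknown option -%s\n' "$OPTARG" >&2
			exit 1
			;;
	esac
done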

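# Audit run. A lock file generated from devDependencies temporarily takes the
# place of package-lock.json in the current directory; the project's own lock
# file, if there is one, is parked as package-lock.json.save and put back
# afterwards. The script exits with the status of "npm audit".

# Moving the lock file onto an existing .save would destroy that file. After
# an interrupted earlier run it may be the only copy of the project's real
# lock file, so stop and let the user decide which one to keep.
if test -e package-lock.json && test -e package-lock.json.save; then
	echo "pkgjs-audit: package-lock.json.save already exists; restore or remove it first" >&2
	exit 1
fi

if test -e package-lock.json; then
	# Nothing has been generated yet, so a failed move leaves the tree as is.
	/bin/mv package-lock.json package-lock.json.save || exit 1
fi

# Remove the generated lock file and put the saved one back, if any.
restore_lock() {
	rm -f package-lock.json
	if test -e package-lock.json.save; then
		/bin/mv package-lock.json.save package-lock.json
	fi
}
# Registered only after the original has been moved aside, and run on exit,
# so that a failed or interrupted run does not leave the generated file in
# place of the project's lock file.
trap restore_lock EXIT

# Auditing without a freshly built lock file would say nothing about the
# bundled dependencies, so stop when the generator reports failure.
if ! perl -MDebian::PkgJs::PackageLock -e 'buildPackageLock(".","package-lock.json")'; then
	echo "pkgjs-audit: unable to build package-lock.json" >&2
	exit 1
fi

# Hand npm's exit status back to the caller; previously it was replaced by
# the status of the restore step, so scripts and CI jobs could not tell
# whether the audit had reported anything.
audit_status=0
npm audit || audit_status=$?
exit "$audit_status"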
