Return semantic exit code for audit (#6819)

Author: antrew

CHANGELOG.md

@@ -28,6 +28,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa
 
   [#6712](https://github.com/yarnpkg/yarn/pull/6712) - [**Maël Nison**](https://twitter.com/arcanis)
 
+- Fixes yarn audit exit code overflow
+
+  [#6748](https://github.com/yarnpkg/yarn/issues/6748) - [**Andrey Vetlugin**](https://github.com/antrew)
+
 - Stops automatically unplugging packages with postinstall script when running under `--ignore-scripts`
 
   [#6820](https://github.com/yarnpkg/yarn/pull/6820) - [**Maël Nison**](https://twitter.com/arcanis)

__tests__/commands/audit.js

@@ -2,8 +2,11 @@
 
 import {NoopReporter} from '../../src/reporters/index.js';
 import {run as buildRun} from './_helpers.js';
+import * as auditModule from '../../src/cli/commands/audit.js';
 import {run as audit} from '../../src/cli/commands/audit.js';
 import {promisify} from '../../src/util/promise.js';
+import * as lockfileModule from '../../src/lockfile/index.js';
+import * as installModule from '../../src/cli/commands/install.js';
 
 const path = require('path');
 const zlib = require('zlib');
@@ -163,6 +166,47 @@ test('calls reporter auditSummary with correct data for private package', () =>
   });
 });
 
+describe('returns semantic exit codes', () => {
+  beforeAll(() => {
+    // mock unrelated stuff
+    jest.spyOn(lockfileModule.default, 'fromDirectory').mockImplementation(jest.fn());
+    jest.spyOn(installModule, 'Install').mockImplementation(() => {
+      return {
+        fetchRequestFromCwd: jest.fn(() => {
+          return {};
+        }),
+        resolver: {
+          init: jest.fn(),
+        },
+        linker: {
+          init: jest.fn(),
+        },
+      };
+    });
+  });
+
+  const exitCodeTestCases = [
+    [0, {}, 'zero when no vulnerabilities'],
+    [1, {info: 77}, '1 for info'],
+    [2, {low: 77}, '2 for low'],
+    [4, {moderate: 77}, '4 for moderate'],
+    [8, {high: 77}, '8 for high'],
+    [16, {critical: 77}, '16 for critical'],
+    [17, {info: 55, critical: 77}, 'different categories sum up'],
+  ];
+  exitCodeTestCases.forEach(([expectedExitCode, foundVulnerabilities, description]) => {
+    test(description, async () => {
+      jest.spyOn(auditModule.default.prototype, 'performAudit').mockImplementation(() => {
+        return foundVulnerabilities;
+      });
+      const configMock: any = {};
+      const reporterMock: any = {};
+      const exitCode = await audit(configMock, reporterMock, {}, []);
+      expect(exitCode).toEqual(expectedExitCode);
+    });
+  });
+});
+
 test.concurrent('sends correct dependency map to audit api for workspaces.', () => {
   const expectedApiPost = {
     dependencies: {

src/cli/commands/audit.js

@@ -131,20 +131,27 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
   });
 
   const vulnerabilities = await audit.performAudit(manifest, install.resolver, install.linker, patterns);
-  const totalVulnerabilities =
-    vulnerabilities.info +
-    vulnerabilities.low +
-    vulnerabilities.moderate +
-    vulnerabilities.high +
-    vulnerabilities.critical;
+
+  const EXIT_INFO = 1;
+  const EXIT_LOW = 2;
+  const EXIT_MODERATE = 4;
+  const EXIT_HIGH = 8;
+  const EXIT_CRITICAL = 16;
+
+  const exitCode =
+    (vulnerabilities.info ? EXIT_INFO : 0) +
+    (vulnerabilities.low ? EXIT_LOW : 0) +
+    (vulnerabilities.moderate ? EXIT_MODERATE : 0) +
+    (vulnerabilities.high ? EXIT_HIGH : 0) +
+    (vulnerabilities.critical ? EXIT_CRITICAL : 0);
 
   if (flags.summary) {
     audit.summary();
   } else {
     audit.report();
   }
 
-  return totalVulnerabilities;
+  return exitCode;
 }
 
 export default class Audit {