From 0f72d983354916ca41811dada1a11c9bbc1c6716 Mon Sep 17 00:00:00 2001
From: Andre Azzolini
Date: Fri, 17 Sep 2021 18:21:43 +0000
Subject: [PATCH 1/2] Add BASE_DIRECTORY envvar
---
 entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 122071c8f..db126b190 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -27,6 +27,6 @@ custom_info:
 reports:
 - uri: $INPUT_REPORT_URI
 format: $INPUT_REPORT_FORMAT
- verbose: $INPUT_REPORT_VERBOSITY" | tee $GITHUB_WORKSPACE/../salus-configuration.yaml
+ verbose: $INPUT_REPORT_VERBOSITY" | tee $GITHUB_WORKSPACE/../salus-configuration.yaml
-cd /home && BUNDLE_GEMFILE=/home/Gemfile bundle exec /home/bin/salus scan --repo_path "$GITHUB_WORKSPACE" --config "$SALUS_CONFIGURATION"
+cd /home && BUNDLE_GEMFILE=/home/Gemfile bundle exec /home/bin/salus scan --repo_path "$GITHUB_WORKSPACE/$BASE_DIRECTORY" --config "$SALUS_CONFIGURATION"
From e7976c559218a740d0972682d0be2fde227b2e84 Mon Sep 17 00:00:00 2001
From: Andre Azzolini
Date: Fri, 17 Sep 2021 22:02:23 +0000
Subject: [PATCH 2/2] Add pnpm audit support
---
 Dockerfile | 3 ++-
 lib/salus/scanners/npm_audit.rb | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e6839f086..167f2eff9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -132,6 +132,7 @@ ENV NODE_DOWNLOAD_URL https://nodejs.org/dist/v${NODE_VERSION}/${NODE_TARBALL_FI
 ENV NODE_DOWNLOAD_SHA256 bf30432175ea8a95fa3e5fe09e96d9fc17b07099742d5c83c4cf9d0edfc411ff
 ENV NPM_VERSION 6.14.8
 ENV YARN_VERSION 1.22.0
+ENV PNPM_VERSION 6.14.7
 ENV NPM_CONFIG_LOGLEVEL info
 COPY build/package.json build/yarn.lock /home/
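Review bot: The new `--repo_path "$GITHUB_WORKSPACE/$BASE_DIRECTORY"` interpolates the variable without any check, so a missing or mistyped value hands Salus a path that does not exist (or just `$GITHUB_WORKSPACE/` when unset) and the failure surfaces from inside the scanner instead of at the entrypoint. Resolve and verify the directory first, e.g. `repo_path="$GITHUB_WORKSPACE/${BASE_DIRECTORY:-.}"` followed by `[ -d "$repo_path" ] || { echo "BASE_DIRECTORY '$BASE_DIRECTORY' not found in workspace" >&2; exit 1; }`, then pass `--repo_path "$repo_path"`. Every other value this script reads is an `$INPUT_*` variable (the prefix GitHub Actions uses for `with:` inputs), so `BASE_DIRECTORY` presumably has to be supplied via `env:` rather than as an action input; either rename it to `INPUT_BASE_DIRECTORY` or document how it is expected to be set. The `verbose:` line is shown as both removed and added with no visible difference here, so that part of the change is presumably whitespace only.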
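Review bot: `ENV PNPM_VERSION 6.14.7` pins pnpm by version only, and the matching `npm install -g pnpm@${PNPM_VERSION}` in the next Dockerfile hunk (`@@ -140,11 +141,11 @@`) trusts whatever the registry serves for that version, while the Node tarball two context lines above is verified against a checksum recorded in the file (`NODE_DOWNLOAD_SHA256`). A version pin alone does not give the image the same reproducibility or tamper-evidence as that checksum, so either fetch the pnpm tarball and verify it against a recorded digest in the same way, or record the gap with a comment such as `# pnpm: version-pinned only, no local checksum verification (unlike node above)` so the asymmetry is deliberate rather than accidental. The same point applies to the install line in the following hunk; it is not repeated there.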
@@ -140,11 +141,11 @@ RUN curl -fsSL "$NODE_DOWNLOAD_URL" -o node.tar.gz \
 && tar -C /usr/local -xzf node.tar.gz --strip-components=1 \
 && npm install -g npm@${NPM_VERSION} \
 && npm install -g yarn@${YARN_VERSION} \
+ && npm install -g pnpm@${PNPM_VERSION} \
 && cd /home \
 && yarn install \
 && rm -rf /node.tar.gz package.json yarn.lock /tmp/* ~/.npm
-
 ### All other tools
 ENV PIP_VERSION 18.1
 COPY --from=builder /root/go/bin/sift /usr/local/bin
diff --git a/lib/salus/scanners/npm_audit.rb b/lib/salus/scanners/npm_audit.rb
index ca350b187..e8bcf987b 100644
--- a/lib/salus/scanners/npm_audit.rb
+++ b/lib/salus/scanners/npm_audit.rb
@@ -7,14 +7,14 @@ module Salus::Scanners
 class NPMAudit < NodeAudit
- AUDIT_COMMAND = 'npm audit --json'.freeze
+ AUDIT_COMMAND = 'pnpm audit --json'.freeze
 def should_run?
- @repository.package_lock_json_present?
+ true
 end
 def version
- shell_return = run_shell('npm audit --version')
+ shell_return = run_shell('pnpm --version')
 # stdout looks like "6.14.8\n"
 shell_return.stdout&.strip
 end
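Review bot: `should_run?` now returns `true` unconditionally, so this scanner is invoked on every repository Salus is pointed at, including ones with no Node manifest or lockfile, where `pnpm audit --json` will most likely fail and show up as a scan error rather than a clean skip; gate it on the lockfile pnpm actually consumes, e.g. `@repository.pnpm_lock_yaml_present?` with a helper added next to `package_lock_json_present?` (constructed name, not on the page). Swapping `AUDIT_COMMAND` inside `NPMAudit` itself also presumably stops `npm audit` from running for repositories that only carry package-lock.json, since pnpm reads its own lockfile; a separate `PNPMAudit < NodeAudit` subclass would keep both scanners available and keep the class name honest. The `# stdout looks like "6.14.8\n"` comment under `version` describes the old `npm audit --version` output and should be updated to the `pnpm --version` format or dropped. Whether `NodeAudit` parses pnpm's JSON report the same way as npm's is not visible in this hunk and deserves a test. The class body continues outside the hunk.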