Add npm audit resolve command

doc/cli/npm-audit.md

@@ -5,6 +5,7 @@ npm-audit(1) -- Run a security audit
 
     npm audit [--json|--parseable]
     npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
+    npm audit resolve
 
 ## EXAMPLES
 

lib/audit.js

@@ -8,6 +8,7 @@ const Installer = require('./install.js').Installer
 const lockVerify = require('lock-verify')
 const log = require('npmlog')
 const npa = require('npm-package-arg')
+const auditResolver = require('npm-audit-resolver')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
 const parseJson = require('json-parse-better-errors')
@@ -21,7 +22,8 @@ auditCmd.usage = usage(
   'audit',
   '\nnpm audit [--json]' +
   '\nnpm audit fix ' +
-  '[--force|--package-lock-only|--dry-run|--production|--only=(dev|prod)]'
+  '[--force|--package-lock-only|--dry-run|--production|--only=(dev|prod)]' +
+  '\nnpm audit resolve'
 )
 
 auditCmd.completion = function (opts, cb) {
@@ -130,7 +132,7 @@ function auditCmd (args, cb) {
     err.code = 'EAUDITGLOBAL'
     throw err
   }
-  if (args.length && args[0] !== 'fix') {
+  if (args.length && !['fix', 'resolve'].includes(args[0])) {
     return cb(new Error('Invalid audit subcommand: `' + args[0] + '`\n\nUsage:\n' + auditCmd.usage))
   }
   return Bluebird.all([
@@ -255,6 +257,11 @@ function auditCmd (args, cb) {
           }
         })
       })
+    } else if (args[0] === 'resolve') {
+      output(`Total of ${auditResult.actions.length} actions to process`)
+      return auditResolver.resolveAudit(auditResult, {
+        prefix: npm.prefix
+      }).then(() => output('done.'))
     } else {
       const vulns =
         auditResult.metadata.vulnerabilities.low +

lib/install/audit.js

@@ -9,6 +9,7 @@ exports.printFullReport = printFullReport
 
 const Bluebird = require('bluebird')
 const auditReport = require('npm-audit-report')
+const auditResolver = require('npm-audit-resolver')
 const treeToShrinkwrap = require('../shrinkwrap.js').treeToShrinkwrap
 const packageId = require('../utils/package-id.js')
 const output = require('../utils/output.js')
@@ -105,6 +106,9 @@ function printInstallReport (auditResult) {
 }
 
 function printFullReport (auditResult) {
+  auditResult = auditResolver.skipResolvedActions(auditResult, {
+    prefix: npm.prefix
+  })
   return auditReport(auditResult, {
     log: output,
     reporter: npm.config.get('json') ? 'json' : 'detail',
@@ -244,6 +248,7 @@ function generateMetadata () {
     return readFile(path.resolve(npm.prefix, '.git', headFile), 'utf8')
   }).then((commitHash) => {
     meta.commit_hash = commitHash.trim()
+    //hint: this should be inside promise constructor, so if it throws, promise is rejected
     const proc = spawn('git', qw`diff --quiet --exit-code package.json package-lock.json`, {cwd: npm.prefix, stdio: 'ignore'})
     return new Promise((resolve, reject) => {
       proc.once('error', reject)