refactor: removing non-needed promises + moving to dedicated parameters

lib/snyk-test/npm/index.js

@@ -30,14 +30,13 @@ function test(root, options) {
       authorization: 'token ' + snyk.api,
     },
   };
-  options.hasDevDependencies = false;
-  options.root = root;
+  var hasDevDependencies = false;
 
-  // if the file exists, let's read the package file and post
-  // that up to the server.
+  // if the file exists, let's read the package files and post
+  // the dependency tree to the server.
   // if it doesn't, then we're assuming this is an existing
   // module on npm, so send the bare argument
-  const p = fs.exists(root)
+  return fs.exists(root)
     .then((exists) => {
       if (!exists) {
         var module = moduleToObject(root);
@@ -74,7 +73,7 @@ function test(root, options) {
           policyLocations = policyLocations.concat(pluckPolicies(pkg));
           debug('policies found', policyLocations);
           analytics.add('policies', policyLocations.length);
-          options.hasDevDependencies = pkg.hasDevDependencies;
+          hasDevDependencies = pkg.hasDevDependencies;
           payload.method = 'POST';
           payload.body = pkg;
           payload.qs = common.assembleQueryString(options);
@@ -97,9 +96,10 @@ function test(root, options) {
               throw error;
             });
         });
+    }).then((data) => {
+      // modules is either null (as defined) or was updated during the flow using node modules
+      return queryForVulns(data, modules, hasDevDependencies, root, options);
     });
-
-  return queryForVulns(p, modules, options);
 }
 
 function generateDependenciesFromLockfile(root, options) {
@@ -149,8 +149,6 @@ function generateDependenciesFromLockfile(root, options) {
 function getDependenciesFromNodeModules(root, options) {
   return fs.exists(path.join(root, 'node_modules'))
     .then(function (nodeModulesExist) {
-      options.hasDevDependencies = false;
-
       if (!nodeModulesExist) {
         // throw a custom error
         throw new Error('Missing node_modules folder: we can\'t test ' +
@@ -169,14 +167,11 @@ function getDependenciesFromNodeModules(root, options) {
     });
 }
 
-function queryForVulns(p, modules, options) {
+function queryForVulns(data, modules, hasDevDependencies, root, options) {
   var lbl = 'Querying vulnerabilities database...';
-  return p.then(function (data) {
-    return spinner(lbl).then(function () {
-      return data;
-    });
-  })
-    .then(function (data) {
+
+  return spinner(lbl)
+    .then(function () {
       var filesystemPolicy = data.payload.body && !!data.payload.body.policy;
       analytics.add('packageManager', 'npm');
       analytics.add('packageName', data.package.name);
@@ -198,7 +193,7 @@ function queryForVulns(p, modules, options) {
             // this is the case where a local module has been tested, but
             // doesn't have any production deps, but we've noted that they
             // have dep deps, so we'll error with a more useful message
-            if (res.statusCode === 404 && options.hasDevDependencies) {
+            if (res.statusCode === 404 && hasDevDependencies) {
               err.code = 'NOT_FOUND_HAS_DEV_DEPS';
             } else {
               err.code = res.statusCode;
@@ -217,6 +212,7 @@ function queryForVulns(p, modules, options) {
         });
       });
     }).then(function (res) {
+      // This branch is valid for node modules flow only
       if (modules) {
         res.dependencyCount = modules.numDependencies;
         if (res.vulnerabilities) {
@@ -249,7 +245,7 @@ function queryForVulns(p, modules, options) {
 
         return snyk.policy.loadFromText(res.policy)
           .then(function (policy) {
-            return policy.filter(res, options.root);
+            return policy.filter(res, root);
           });
       }).then(function (res) {
         analytics.add('vulns', res.vulnerabilities.length);