Fixed #14

kenduck · kenduck · commit d04527ad529d · 2017-05-23T00:00:43.000-04:00
diff --git a/audit.js b/audit.js
@@ -84,6 +84,12 @@ var actualAudits = 0;
  */
 var dependencies = [];
 
+/**
+ * Map of dependencies to audit. This ensures we only audit a dependency
+ * once.
+ */
+var auditLookup = {};
+
 /**
  * Count encountered vulnerabilities
  */
@@ -297,7 +303,15 @@ function getDependencyList(depMap) {
                         // Only add a dependency once
                         if(lookup[name + o.version] == undefined) {
                                 lookup[name + o.version] = true;
-                                results.push({"pm": pm, "name": name, "version": o.version});
+                                // We need both the local and global "auditLookup" tables.
+                                // The global lookup is used to ensure we only audit a
+                                // dependency once, but cannot be done at the same level
+                                // as the local lookup since the sub-dependencies are not
+                                // available at all locations of the dependency tree (depMap).
+                                if (auditLookup[name + o.version] == undefined) {
+									auditLookup[name + o.version] = true;
+									results.push({"pm": pm, "name": name, "version": o.version});
+								}
                                 if(o.dependencies) {
                                         var deps = getDependencyList(o.dependencies);
 
@@ -311,7 +325,10 @@ function getDependencyList(depMap) {
                         // Only add a dependency once
                         if(lookup[name + o] == undefined) {
                                 lookup[name + o] = true;
-                                results.push({"pm": pm, "name": name, "version": o});
+                                if (auditLookup[name + o] == undefined) {
+									auditLookup[name + o] = true;
+									results.push({"pm": pm, "name": name, "version": o});
+								}
                         }
                 }
         }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "auditjs",
-  "version": "2.1.6",
+  "version": "2.1.7",
   "description": "Audit dependencies to identify known vulnerabilities and maintenance problems",
   "main": "audit-package.js",
   "bin": "./audit.js",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "auditjs",`
`3`		`- "version": "2.1.6",`
	`3`	`+ "version": "2.1.7",`
`4`	`4`	`"description": "Audit dependencies to identify known vulnerabilities and maintenance problems",`
`5`	`5`	`"main": "audit-package.js",`
`6`	`6`	`"bin": "./audit.js",`