feat(core): Security audit (#5034)

* ✨ Implement security audit

* ⚡ Use logger

* 🧪 Fix test

* ⚡ Switch logger with stdout

* 🎨 Set new logo

* ⚡ Fill out Public API schema

* ✏️ Fix typo

* ⚡ Break dependency cycle

* ⚡ Add security settings values

* 🧪 Test security settings

* ⚡ Add publicly accessible instance warning

* ⚡ Add metric to CLI command

* ✏️ Fix typo

* 🔥 Remove unneeded path alias

* 📘 Add type import

* 🔥 Remove inferrable output type

* ⚡ Set description at correct level

* ⚡ Rename constant for consistency

* ⚡ Sort URLs

* ⚡ Rename local var

* ⚡ Shorten name

* ✏️ Improve phrasing

* ⚡ Improve naming

* ⚡ Fix casing

* ✏️ Add docline

* ✏️ Relocate comment

* ⚡ Add singular/plurals

* 🔥 Remove unneeded await

* ✏️ Improve test description

* ⚡ Optimize with sets

* ⚡ Adjust post master merge

* ✏️ Improve naming

* ⚡ Adjust in spy

* 🧪 Fix outdated instance test

* 🧪 Make diagnostics check consistent

* ⚡ Refactor `getAllExistingCreds`

* ⚡ Create helper `getNodeTypes`

* 🐛 Fix `InternalHooksManager` call

* 🚚 Rename `execution` to `nodes` risk

* ⚡ Add options to CLI command

* ⚡ Make days configurable

* :revert: Undo changes to `BaseCommand`

* ⚡ Improve CLI command UX

* ⚡ Change no-report return value

Empty array to trigger empty state on FE.

* ⚡ Add empty check to `reportInstanceRisk`

* 🧪 Extend Jest `expect`

* 📘 Augment `jest.Matchers`

* 🧪 Set extend as setup file

* 🔧 Override lint rule for `.d.ts`

* ⚡ Use new matcher

* ⚡ Update check

* 📘 Improve typings

* ⚡ Adjust instance risk check

* ✏️ Rename `execution` → `nodes` in Public API schema

* ✏️ Add clarifying comment

* ✏️ Fix typo

* ⚡ Validate categories in CLI command

* ✏️ Improve naming

* ✏️ Make audit reference consistent

* 📘 Fix typing

* ⚡ Use `finally` in CLI command

packages/cli/src/LoadNodesAndCredentials.ts

@@ -142,21 +142,19 @@ export class LoadNodesAndCredentialsClass implements INodesAndCredentials {
 		}
 	}
 
-	async loadNodesFromCustomDirectories(): Promise<void> {
-		// Read nodes and credentials from custom directories
-		const customDirectories = [];
+	getCustomDirectories(): string[] {
+		const customDirectories = [UserSettings.getUserN8nFolderCustomExtensionPath()];
 
-		// Add "custom" folder in user-n8n folder
-		customDirectories.push(UserSettings.getUserN8nFolderCustomExtensionPath());
-
-		// Add folders from special environment variable
 		if (process.env[CUSTOM_EXTENSION_ENV] !== undefined) {
-			// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-			const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV]!.split(';');
+			const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV].split(';');
 			customDirectories.push(...customExtensionFolders);
 		}
 
-		for (const directory of customDirectories) {
+		return customDirectories;
+	}
+
+	async loadNodesFromCustomDirectories(): Promise<void> {
+		for (const directory of this.getCustomDirectories()) {
 			await this.runDirectoryLoader(CustomDirectoryLoader, directory);
 		}
 	}