Comparing version 2.2.0 to 2.3.0
@@ -101,2 +101,7 @@ /* | ||
}, | ||
'path-whitelist': { | ||
default: [], | ||
describe: 'Whitelisted vulnerability paths', | ||
type: 'array', | ||
}, | ||
}) | ||
@@ -103,0 +108,0 @@ .help('help'); |
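Review bot: The new `path-whitelist` option's `describe` text does not tell the user what an entry looks like, while the model and README in this same release (`"52|example3"`, the `${advisory.id}|${path}` key) require the `<advisory id>|<module path>` form; an entry given as a bare module path will never match and the advisory stays blocking, which is hard to diagnose from `--help`. I would make the help string carry the format, e.g. `describe: 'Whitelisted vulnerability paths, each written as "<advisory id>|<module path>"',`. The surrounding yargs option block starts before this hunk.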
@@ -27,3 +27,3 @@ const npmAuditer = require('./npm-auditer'); | ||
} | ||
if (config['pass-enoaudit']) { | ||
if (config['pass-enoaudit'] && message.includes(RETRY_ERROR_MSG[pm])) { | ||
console.warn( | ||
@@ -30,0 +30,0 @@ '\x1b[33m%s\x1b[0m', |
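Review bot: The tightened condition looks up `RETRY_ERROR_MSG[pm]` without checking that the lookup succeeded; if `pm` is not a key of that table, `message.includes(undefined)` coerces to `includes('undefined')` and would treat any error text containing the word "undefined" as the ENOAUDIT retry case, passing the run on an unrelated failure. I would resolve the expected text first and require it to be present: `const retryMsg = RETRY_ERROR_MSG[pm];` and `if (config['pass-enoaudit'] && retryMsg && message.includes(retryMsg)) {`. Where `message` and `pm` come from is outside the hunk, so whether `message` can itself be undefined (which would throw here) should be confirmed; the enclosing function starts and ends outside the hunk.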
@@ -26,2 +26,3 @@ /* | ||
this.whitelistedModuleNames = config.whitelist; | ||
this.whitelistedPaths = config['path-whitelist'] || []; | ||
this.whitelistedAdvisoryIds = config.advisories; | ||
@@ -31,2 +32,3 @@ | ||
this.whitelistedAdvisoriesFound = []; | ||
this.whitelistedPathsFound = []; | ||
this.advisoriesFound = []; | ||
@@ -52,2 +54,20 @@ } | ||
advisory.findings.forEach(finding => | ||
finding.paths.forEach(path => { | ||
if (this.whitelistedPaths.includes(`${advisory.id}|${path}`)) { | ||
this.whitelistedPathsFound.push(`${advisory.id}|${path}`); | ||
} | ||
}) | ||
); | ||
if ( | ||
advisory.findings.every(finding => | ||
finding.paths.every(path => | ||
this.whitelistedPaths.includes(`${advisory.id}|${path}`) | ||
) | ||
) | ||
) { | ||
return; | ||
} | ||
this.advisoriesFound.push(advisory); | ||
@@ -83,2 +103,3 @@ } | ||
whitelistedModulesFound: this.whitelistedModulesFound, | ||
whitelistedPathsFound: this.whitelistedPathsFound, | ||
}; | ||
@@ -85,0 +106,0 @@ } |
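Review bot: In the hunk at `@@ -52,2 +54,20 @@`, the suppression test `advisory.findings.every(finding => finding.paths.every(...))` is vacuously true when an advisory has no findings or a finding has no paths, so such an advisory is dropped from `advisoriesFound` and the run passes without it ever being whitelisted; a whitelist check should fail closed and only suppress when there is at least one path and all of them are listed. The same `${advisory.id}|${path}` key is also built three times and `whitelistedPathsFound` can receive duplicate keys when a path occurs in several findings. I would collect the keys once, filter them against `whitelistedPaths`, and compare counts, as below; the enclosing method starts before the hunk.
```javascript
// … unchanged: module and advisory-id whitelist checks above …
const pathKeys = [];
advisory.findings.forEach(finding =>
  finding.paths.forEach(path => pathKeys.push(`${advisory.id}|${path}`))
);
const whitelistedKeys = pathKeys.filter(key =>
  this.whitelistedPaths.includes(key)
);
this.whitelistedPathsFound.push(...whitelistedKeys);
// An advisory with no paths must not be suppressed by a vacuous `every`.
if (pathKeys.length > 0 && whitelistedKeys.length === pathKeys.length) {
  return;
}
this.advisoriesFound.push(advisory);
```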
{ | ||
"name": "audit-ci", | ||
"version": "2.2.0", | ||
"version": "2.3.0", | ||
"description": "Audits npm and yarn projects in CI environments", | ||
@@ -5,0 +5,0 @@ "license": "Apache-2.0", |
@@ -79,2 +79,3 @@ [![Build Status](https://travis-ci.com/IBM/audit-ci.svg?branch=master)](https://travis-ci.com/IBM/audit-ci) | ||
| -w | --whitelist | Vulnerable modules to whitelist from preventing integration (default `none`) | | ||
| | --path-whitelist | Vulnerable module paths to whitelist from preventing integration (default `none`) | | ||
| -d | --directory | The directory containing the package.json to audit (default `./`) | | ||
@@ -105,2 +106,3 @@ | | --pass-enoaudit | Pass if no audit is performed due to the registry returning ENOAUDIT (default `false`) | | ||
"whitelist": <string[]>, // [Optional] defaults `[]` | ||
"path-whitelist": <string[]>, // [Optional] defaults `[]` | ||
"pass-enoaudit": <boolean>, // [Optional] defaults `false` | ||
@@ -154,2 +156,3 @@ "show-not-found": <boolean>, // [Optional] defaults `true` | ||
"whitelist": ["example1", "example2"], | ||
"path-whitelist": ["52|example3", "880|example4", "880|example5>example4"], | ||
"registry": "https://registry.npmjs.org" | ||
@@ -156,0 +159,0 @@ } |