audit-ci - npm Package Compare versions

Comparing version 2.2.0 to 2.3.0

lib/audit-ci.js

@@ -101,2 +101,7 @@ /*
     },
+    'path-whitelist': {
+      default: [],
+      describe: 'Whitelisted vulnerability paths',
+      type: 'array',
+    },
   })
@@ -103,0 +108,0 @@ .help('help');

lib/audit.js

@@ -27,3 +27,3 @@ const npmAuditer = require('./npm-auditer');
       }
-      if (config['pass-enoaudit']) {
+      if (config['pass-enoaudit'] && message.includes(RETRY_ERROR_MSG[pm])) {
         console.warn(
@@ -30,0 +30,0 @@ '\x1b[33m%s\x1b[0m',

lib/Model.js

@@ -26,2 +26,3 @@ /*
     this.whitelistedModuleNames = config.whitelist;
+    this.whitelistedPaths = config['path-whitelist'] || [];
     this.whitelistedAdvisoryIds = config.advisories;
@@ -31,2 +32,3 @@
     this.whitelistedAdvisoriesFound = [];
+    this.whitelistedPathsFound = [];
     this.advisoriesFound = [];
@@ -52,2 +54,20 @@ }
 
+    advisory.findings.forEach(finding =>
+      finding.paths.forEach(path => {
+        if (this.whitelistedPaths.includes(`${advisory.id}|${path}`)) {
+          this.whitelistedPathsFound.push(`${advisory.id}|${path}`);
+        }
+      })
+    );
+
+    if (
+      advisory.findings.every(finding =>
+        finding.paths.every(path =>
+          this.whitelistedPaths.includes(`${advisory.id}|${path}`)
+        )
+      )
+    ) {
+      return;
+    }
+
     this.advisoriesFound.push(advisory);
@@ -83,2 +103,3 @@ }
       whitelistedModulesFound: this.whitelistedModulesFound,
+      whitelistedPathsFound: this.whitelistedPathsFound,
     };
@@ -85,0 +106,0 @@ }

package.json

 {
   "name": "audit-ci",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "Audits npm and yarn projects in CI environments",
@@ -5,0 +5,0 @@ "license": "Apache-2.0",

README.md

@@ -79,2 +79,3 @@ [![Build Status](https://travis-ci.com/IBM/audit-ci.svg?branch=master)](https://travis-ci.com/IBM/audit-ci)
 | -w   | --whitelist       | Vulnerable modules to whitelist from preventing integration (default `none`)                          |
+|      | --path-whitelist  | Vulnerable module paths to whitelist from preventing integration (default `none`)                     |
 | -d   | --directory       | The directory containing the package.json to audit (default `./`)                                     |
@@ -105,2 +106,3 @@ |      | --pass-enoaudit   | Pass if no audit is performed due to the registry returning ENOAUDIT (default `false`)                |
   "whitelist": <string[]>, // [Optional] defaults `[]`
+  "path-whitelist": <string[]>, // [Optional] defaults `[]`
   "pass-enoaudit": <boolean>, // [Optional] defaults `false`
@@ -154,2 +156,3 @@ "show-not-found": <boolean>, // [Optional] defaults `true`
   "whitelist": ["example1", "example2"],
+  "path-whitelist": ["52|example3", "880|example4", "880|example5>example4"],
   "registry": "https://registry.npmjs.org"
@@ -156,0 +159,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

41449

increased by2.56%

Lines of code

640

increased by3.9%

Number of lines in readme file

172

increased by1.78%

No dependency changes