
better-npm-audit - npm Package Compare versions

Comparing version 2.0.1-rc to 2.0.2-rc

5

CHANGELOG.md

@@ -13,6 +13,7 @@ ## Next: 2.0.0-rc

* Renamed `--ignore -i` flag to `--exclude -x` for better clarity.
* Removed `--display-full` flag that was used to ignore the maximum display limit. Now with the summary table it would be unlikely to display large size of information.
* Removed `--display-notes` flag that was used for displaying exception notes. Now it is included in the exceptions table.
* Renamed `ignore` field to `active` in `.nsprc` file for better clarity.
* Renamed `reason` field to `notes` in `.nsprc` file for better clarity.
* Removed `--display-full` flag that was used to ignore the maximum display limit. Now with the summary table it would be unlikely to display large size of information.
* Removed `--display-notes` flag that was used for displaying exception notes. Now it is included in the exceptions table.

@@ -19,0 +20,0 @@ ### Others

12

index.js

@@ -23,3 +23,3 @@ #!/usr/bin/env node

* @param {Number} auditLevel The level of vulnerabilities we care about
* @param {Array} exceptionIds List of vulnerability IDs to ignore
* @param {Array} exceptionIds List of vulnerability IDs to exclude
* @return {undefined}

@@ -49,3 +49,3 @@ */

// eslint-disable-next-line max-len
const message = `${unusedExceptionIds.length} vulnerabilities where ignored but did not result in a vulnerabilities: ${unusedExceptionIds.join(', ')}. They can be removed from the .nsprc file or -ignore -i flags.`;
const message = `${unusedExceptionIds.length} vulnerabilities where excluded but did not result in a vulnerabilities: ${unusedExceptionIds.join(', ')}. They can be removed from the .nsprc file or --exclude -x flags.`;
console.warn(message);

@@ -69,3 +69,3 @@ }

* @param {Number} auditLevel The level of vulnerabilities we care about
* @param {Array} exceptionIds List of vulnerability IDs to ignore
* @param {Array} exceptionIds List of vulnerability IDs to exclude
*/

@@ -106,3 +106,3 @@ function audit(auditCommand, auditLevel, exceptionIds) {

const nsprc = readFile('.nsprc');
const cmdExceptions = get(options, 'ignore', '').split(',').filter(isWholeNumber).map(Number);
const cmdExceptions = get(options, 'exclude', '').split(',').filter(isWholeNumber).map(Number);
const exceptionIds = getExceptionsIds(nsprc, cmdExceptions);

@@ -118,5 +118,5 @@

.description('execute npm audit')
.option('-i, --ignore <ids>', 'Vulnerabilities ID(s) to ignore.')
.option('-x, --exclude <ids>', 'Exceptions or the vulnerabilities ID(s) to exclude.')
.option('-l, --level <auditLevel>', 'The minimum audit level to validate.')
.option('-p, --production', 'Skip checking devDependencies.')
.option('-p, --production', 'Skip checking the devDependencies.')
.action(options => handleAction(options, audit));

@@ -123,0 +123,0 @@
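Review bot: The rewritten warning in the `unusedExceptionIds` hunk keeps the original's grammar errors — "vulnerabilities where excluded" should read "were", and "did not result in a vulnerabilities" is malformed — so the only wording change is the flag name. I would make it `const message = \`${unusedExceptionIds.length} exception ID(s) were excluded but did not match any reported vulnerability: ${unusedExceptionIds.join(', ')}. They can be removed from the .nsprc file or the --exclude (-x) flag.\`;`, and update the identical string the test pins at the end of the spec file to match. The enclosing function starts before and continues past this hunk, so the surrounding control flow is not visible here. Separately, the command-definition hunk drops `-i, --ignore` with no deprecated alias; depending on how the option parser treats unknown flags, existing CI invocations will either fail at parse time or silently lose their exclusions, so a one-release shim that maps `ignore` onto `exclude` with a deprecation warning would be safer.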

{
"name": "better-npm-audit",
"version": "2.0.1-rc",
"version": "2.0.2-rc",
"author": "Jee Mok <jee.ict@hotmail.com>",

@@ -16,2 +16,4 @@ "description": "Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.",

"ignore",
"exclude",
"exceptions",
"node",

@@ -18,0 +20,0 @@ "security",

@@ -70,7 +70,7 @@ # Better NPM Audit

| Flag | Short | Description |
| -------------- | ----- | ----------------------------------------- |
| `--level` | `-l` | Same as the original `--audit-level` flag |
| `--production` | `-p` | Skip checking `devDependencies` |
| `--ignore` | `-i` | For skipping certain advisories |
| Flag | Short | Description |
| -------------- | ----- | ------------------------------------------------------------------------------ |
| `--exclude` | `-x` | Exceptions or the vulnerabilities ID(s) to exclude |
| `--level` | `-l` | The minimum audit level to validate; Same as the original `--audit-level` flag |
| `--production` | `-p` | Skip checking the `devDependencies` |

@@ -106,9 +106,10 @@ <br />

```
### Fields
| Attribute | Description | Default |
| --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `active` | Boolean type to determine if we should use it for exception; `true` or `false` | `true` |
| Attribute | Description | Default |
| --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `active` | Boolean type to determine if we should use it for exception; `true` or `false` | `true` |
| `expiry` | Date time in milliseconds, the number of milliseconds since midnight 01 January, 1970 UTC.<br />You can use `new Date(2021, 1, 1).valueOf()` to get the milliseconds value. | |
| `notes` | Notes related to the vulnerability; will be displayed in the table summary.
| `notes` | Notes related to the vulnerability; will be displayed in the table summary. |

@@ -115,0 +116,0 @@ <br />

@@ -20,2 +20,2 @@ module.exports =

╚══════╧══════════╧═══════════════════════════════╧═════════════════════════════════════════════════════════════╝
`;
`;

@@ -1,2 +0,2 @@

module.exports =
module.exports =
`╔═══════════════════════════════════════════════════════════════════════════════════════════════════╗

@@ -18,2 +18,2 @@ ║ === npm audit security report === ║

╚══════╧══════════════╧════════════════════════╧══════════╧═══════════════════════════════════╧═════╝
`;
`;

@@ -24,7 +24,7 @@ const sinon = require('sinon');

describe('--ignore', () => {
describe('--exclude', () => {
it('should be able to pass exception IDs using the command flag smoothly', () => {
const callbackStub = sinon.stub();
const consoleStub = sinon.stub(console, 'info');
const options = { ignore: '1567,919' };
const options = { exclude: '1567,919' };
const auditCommand = 'npm audit ';

@@ -41,3 +41,3 @@ const auditLevel = 'info';

// with space
options.ignore = '1567, 1902';
options.exclude = '1567, 1902';
handleAction(options, callbackStub);

@@ -48,3 +48,3 @@ expect(callbackStub.calledWith(auditCommand, auditLevel, [1567, 1902])).to.equal(true);

// invalid exceptions
options.ignore = '1134,undefined,888';
options.exclude = '1134,undefined,888';
handleAction(options, callbackStub);

@@ -55,3 +55,3 @@ expect(callbackStub.calledWith(auditCommand, auditLevel, [1134, 888])).to.equal(true);

// invalid NaN
options.ignore = '1134,NaN,3e,828';
options.exclude = '1134,NaN,3e,828';
handleAction(options, callbackStub);

@@ -62,3 +62,3 @@ expect(callbackStub.calledWith(auditCommand, auditLevel, [1134, 828])).to.equal(true);

// invalid decimals
options.ignore = '1199,29.41,628';
options.exclude = '1199,29.41,628';
handleAction(options, callbackStub);

@@ -74,3 +74,3 @@ expect(callbackStub.calledWith(auditCommand, auditLevel, [1199, 628])).to.equal(true);

const consoleStub = sinon.stub(console, 'info');
const options = { ignore: '1567,919' };
const options = { exclude: '1567,919' };
const auditCommand = 'npm audit ';

@@ -77,0 +77,0 @@ const auditLevel = 'info';

@@ -111,3 +111,3 @@ const sinon = require('sinon');

// eslint-disable-next-line max-len
const message = `2 vulnerabilities where ignored but did not result in a vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or -ignore -i flags.`;
const message = `2 vulnerabilities where excluded but did not result in a vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or --exclude -x flags.`;
expect(consoleWarnStub.calledWith(message)).to.equal(true);

@@ -114,0 +114,0 @@

Sorry, the diff of this file is not supported yet
