
better-npm-audit - npm Package Compare versions

Comparing version 2.0.3-rc to 2.0.4

9

CHANGELOG.md

@@ -1,2 +0,2 @@

## Next: 2.0.0-rc
## 2.0.4 (June 22, 2021)
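
Review bot: the heading goes straight from `Next: 2.0.0-rc` to `2.0.4`, so the changelog has no record that the release candidates existed. Since this release is being cut from 2.0.3-rc, a one-line mention under the new heading that 2.0.4 is the first stable 2.x release and supersedes the 2.0.x-rc builds would help anyone who pinned a release candidate.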

@@ -26,3 +26,3 @@ ### Notable changes

## Closed issues
### Closed issues

@@ -35,2 +35,7 @@ * [#20](https://github.com/jeemok/better-npm-audit/issues/20) Provide more output when parsing exceptions file

## 1.12.1 (June 21, 2021)
* Added `FUNDING.yml`
* Updated `README.md`
## 1.12.0 (June 18, 2021)

@@ -37,0 +42,0 @@

@@ -47,5 +47,7 @@ #!/usr/bin/env node

if (unusedExceptionIds.length) {
// eslint-disable-next-line max-len
const message = `${unusedExceptionIds.length} vulnerabilities where excluded but did not result in a vulnerabilities: ${unusedExceptionIds.join(', ')}. They can be removed from the .nsprc file or --exclude -x flags.`;
console.warn(message);
const messages = [
`${unusedExceptionIds.length} of the excluded vulnerabilities did not match any of the found vulnerabilities: ${unusedExceptionIds.join(', ')}.`,
`${unusedExceptionIds.length > 1 ? 'They' : 'It'} can be removed from the .nsprc file or --exclude -x flags.`,
];
console.warn(messages.join(' '));
}
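
Review bot: the first element of `messages` is still a single very long template literal, and going by the hunk header (5 old lines, 7 new) the `// eslint-disable-next-line max-len` directive that covered the old string is dropped. If max-len is enforced here that line will fail lint, so either keep the directive directly above that element or split the sentence across two shorter array entries. The test file in this same release still carries the directive above the matching strings, which suggests the rule is active.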

@@ -52,0 +54,0 @@

{
"name": "better-npm-audit",
"version": "2.0.3-rc",
"version": "2.0.4",
"author": "Jee Mok <jee.ict@hotmail.com>",
"description": "Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.",
"description": "Reshape npm audit into the way the community would like, by the community itself, to encourage more people to do security audits.",
"license": "MIT",

@@ -7,0 +7,0 @@ "repository": {

# Better NPM Audit
Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default `npm audit` in the future.
The goal of this project is to help to reshape npm audit into the way the community would like, by the community itself. Giving another option for everyone and encourage more people to do security audits.

@@ -25,3 +25,3 @@ [![NPM](https://nodei.co/npm/better-npm-audit.png)](https://npmjs.org/package/better-npm-audit)

$ npm install better-npm-audit
$ npm install --save better-npm-audit
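
Review bot: `--save` in the install line records the package under `dependencies`, but the usage shown further down in this README is a `prepush`/`audit` script, which is a development-time tool. `npm install --save-dev better-npm-audit` fits that usage better and keeps the audit tool out of production installs. `--save` is also already the default behaviour since npm 5, so as written the flag changes nothing.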

@@ -60,3 +60,3 @@ or

"prepush": "npm run test && npm run audit",
"audit": "node node_modules/better-npm-audit audit"
"audit": "better-npm-audit audit audit"
}
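
Review bot: the new script value `better-npm-audit audit audit` repeats the subcommand, which looks like a copy-paste slip; the line it replaces passed `audit` once. Unless the CLI really expects a second positional argument, this should read `"audit": "better-npm-audit audit"`, otherwise users who copy the README get a script that does not match the documented command.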

@@ -63,0 +63,0 @@ }

@@ -94,4 +94,5 @@ const sinon = require('sinon');

const auditLevel = 'info';
const exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001, 2002];
let exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001];
expect(processStub.called).to.equal(false);

@@ -111,6 +112,15 @@ expect(consoleErrorStub.called).to.equal(false);

expect(consoleWarnStub.called).to.equal(true);
// Message for one unused exception
// eslint-disable-next-line max-len
const message = `2 vulnerabilities where excluded but did not result in a vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or --exclude -x flags.`;
let message = `1 of the excluded vulnerabilities did not match any of the found vulnerabilities: 2001. It can be removed from the .nsprc file or --exclude -x flags.`;
expect(consoleWarnStub.calledWith(message)).to.equal(true);
// Message for multiple unused exceptions
exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001, 2002];
handleFinish(jsonBuffer, auditLevel, exceptionIds);
// eslint-disable-next-line max-len
message = `2 of the excluded vulnerabilities did not match any of the found vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or --exclude -x flags.`;
expect(consoleWarnStub.calledWith(message)).to.equal(true);
processStub.restore();
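
Review bot: the second `handleFinish(jsonBuffer, auditLevel, exceptionIds)` call reuses the stubs without clearing their call history, and only `consoleWarnStub.calledWith(message)` is checked for the two-ID case. The `processStub.called` and `consoleErrorStub.called` expectations are not repeated, so a regression that exits or logs an error only when several exclusions are unused would go unnoticed. Consider calling `resetHistory()` on the stubs before the second call, or splitting this into two test cases, and re-asserting both. That would also let `exceptionIds` stay `const` in each case instead of being reassigned.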

@@ -117,0 +127,0 @@ consoleErrorStub.restore();

Sorry, the diff of this file is not supported yet
