npm-audit-report - npm Package Compare versions

Comparing version 1.3.1 to 1.3.2

12

CHANGELOG.md

@@ -5,2 +5,14 @@ # Change Log

<a name="1.3.2"></a>
## [1.3.2](https://github.com/npm/npm-audit-report/compare/v1.3.1...v1.3.2) (2018-12-18)
### Bug Fixes
* **parseable:** add support for critical vulns and more resolves on update/install action ([#28](https://github.com/npm/npm-audit-report/issues/28)) ([5e27893](https://github.com/npm/npm-audit-report/commit/5e27893))
* **security:** audit fix ([ff9faf3](https://github.com/npm/npm-audit-report/commit/ff9faf3))
* **urls:** Replace hardcoded URL to advisory with a URL from audit response ([#34](https://github.com/npm/npm-audit-report/issues/34)) ([e2fe95b](https://github.com/npm/npm-audit-report/commit/e2fe95b))
<a name="1.3.1"></a>

@@ -7,0 +19,0 @@ ## [1.3.1](https://github.com/npm/npm-audit-report/compare/v1.3.0...v1.3.1) (2018-07-10)

2

package.json
{
"name": "npm-audit-report",
"version": "1.3.1",
"version": "1.3.2",
"description": "Given a response from the npm security api, render it into a variety of security reports",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -120,3 +120,3 @@ 'use strict'

{'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`},
{'More info': `https://nodesecurity.io/advisories/${advisory.id}`}
{'More info': advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`}
)
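Review bot: `advisory.url` in the 'More info' cell is taken from the audit response and printed as-is, so whatever served that response now decides which link the user is told to open. Consider accepting it only when it parses as an `https:` URL, and otherwise falling back to the `https://www.npmjs.com/advisories/${advisory.id}` form already used here.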

@@ -164,3 +164,3 @@

{'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`},
{'More info': `https://nodesecurity.io/advisories/${advisory.id}`}
{'More info': advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`}
)
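Review bot: this 'More info' row repeats the `advisory.url || ...` fallback from the hunk at line 120 verbatim. A small shared helper that returns the advisory link would keep the copies from drifting the next time the advisory site moves, as it just did from nodesecurity.io to npmjs.com.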

@@ -167,0 +167,0 @@ log(table.toString())

@@ -14,2 +14,3 @@ 'use strict'

let accumulator = {
critical: '',
high: '',

@@ -29,12 +30,14 @@ moderate: '',

// TODO: Verify: The advisory seems to repeat and be the same for all the 'resolves'. Is it true?
const advisory = data.advisories[action.resolves[0].id]
l.sevLevel = advisory.severity
l.severity = advisory.title
l.package = advisory.module_name
l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
l.path = action.resolves[0].path
action.resolves.forEach((resolution) => {
const advisory = data.advisories[resolution.id]
accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking]
.join('\t') + '\n'
l.sevLevel = advisory.severity
l.severity = advisory.title
l.package = advisory.module_name
l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`
l.path = resolution.path
accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking]
.join('\t') + '\n'
}) // forEach resolves
}
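Review bot: inside the new `action.resolves.forEach`, `data.advisories[resolution.id]` is dereferenced without a check, so a resolves entry whose id is missing from `data.advisories` throws on `advisory.severity`. In the same loop, `advisory.title` and `advisory.url` go straight into `.join('\t') + '\n'`; a tab or newline in either would shift columns for scripts consuming this output, so consider skipping unknown ids and replacing those characters before joining.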

@@ -49,3 +52,3 @@

l.package = advisory.module_name
l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`
l.patchedIn = advisory.patched_versions.replace(' ', '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions
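Review bot: on the `l.patchedIn` line just below the changed `l.moreInfo`, `replace(' ', '')` with a string pattern removes only the first space, so a `patched_versions` value containing more than one space will not compare equal to '<0.0.0' and is printed as a version range instead of 'No patch available'. Using `replace(/\s/g, '')` would make the comparison hold regardless of spacing.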

@@ -59,3 +62,3 @@ l.path = resolution.path

}
return accumulator['high'] + accumulator['moderate'] + accumulator['low']
return accumulator['critical'] + accumulator['high'] + accumulator['moderate'] + accumulator['low']
}
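Review bot: the return still concatenates a fixed list of keys, so any `advisory.severity` value outside critical/high/moderate/low is accumulated under its own key and never returned, which is what happened to critical before this change. Consider building the output from an ordered severity array and either appending any remaining keys or failing loudly, so a new severity level cannot be silently dropped from the report.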

@@ -62,0 +65,0 @@
