Refactored whole process

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: jeemok
+custom: https://www.buymeacoffee.com/jeemok

.github/workflows/node.js.yml

@@ -27,4 +27,5 @@ jobs:
         node-version: ${{ matrix.node-version }}
     - run: npm ci
     - run: npm run lint
-    - run: npm run test
+    - run: npm run test
+    - run: npm run audit

CHANGELOG.md

@@ -1,27 +1,54 @@
+## Next: 2.0.0-rc
+
+### Notable changes
+
+* Simplified the workflow and improved overall performance by running less.
+    * Reduce code size and package size in half (! 
+* Added own table display for security report
+* Added table overview of exceptions from `.nsprc` file
+
+### Breaking changes
+
+* Renamed `ignore` field to `active` in `.nsprc` file for better clarity.
+* Renamed `reason` field to `notes` in `.nsprc` file for better clarity.
+* Removed `--display-full` flag that was used to ignore the maximum display limit. Now with the summary table it would be unlikely to display large size of information.
+* Removed `--display-notes` flag that was used for displaying exception notes. Now it is included in the exceptions table.
+
+### Others
+
+* Removed logging of flags used
+* Added npm audit into CI pipeline
+* Added FUNDING.md
+* Updated README.md
+
+## Closed issues
+
+* # []()
+
+---
+
 ## 1.12.0 (June 18, 2021)
 
-* [Display warning when exceptionIds are unused](https://github.com/jeemok/better-npm-audit/pull/38)
+* [#38](https://github.com/jeemok/better-npm-audit/pull/38) Display warning when `exceptionIds` are unused
 
 ## 1.11.2 (June 11, 2021)
 
-* [Fixed security CVE-2020-28469: Bump glob-parent from 5.1.1 to 5.1.2](https://github.com/jeemok/better-npm-audit/pull/37)
+* [#37](https://github.com/jeemok/better-npm-audit/pull/37) Fixed security CVE-2020-28469: Bump glob-parent from 5.1.1 to 5.1.2
 
 ## 1.11.1 (June 11, 2021)
 
-* Updated README
+* Updated `README.md`
 
 ## 1.11.0 (June 11, 2021)
 
-* [Added environment variable support `process.env.NPM_CONFIG_AUDIT_LEVEL` to set the audit level](https://github.com/jeemok/better-npm-audit/pull/36)
+* [#36](https://github.com/jeemok/better-npm-audit/pull/36) Added environment variable support `process.env.NPM_CONFIG_AUDIT_LEVEL` to set the audit level
 
 ## 1.10.1 (June 7, 2021)
 
 * Updated `--full` flag logging from `[full log mode enabled]` to `[report display limit disabled]`
-* [Added new flag `--display-notes` to display reasons for the exceptions](https://github.com/jeemok/better-npm-audit/issues/32)
+* [#32](https://github.com/jeemok/better-npm-audit/issues/32) Added new flag `--display-notes` to display reasons for the exceptions
 
 ## 1.9.3 (June 6, 2021)
 
-### Features
-
-* [Added CHANGELOG.md](https://github.com/jeemok/better-npm-audit/issues/31)
+* [#31](https://github.com/jeemok/better-npm-audit/issues/31) Added `CHANGELOG.md`
 * Updated `README.md`

README.md

@@ -32,7 +32,21 @@ or
 
 ## Usage
 
-### `package.json`
+### Run global
+
+```bash
+better-npm-audit audit
+```
+
+### Run with exceptions
+
+<img src="./.README/all_good.png" alt="Demo of table displaying the security report" width="1000"/>
+
+Unhandled or new exceptions will be highlighted:
+
+<img src="./.README/highlighted_exceptions.png" alt="Demo of table displaying the security report" width="820"/>
+
+### Add into package scripts
 
 ```JSON
 {
@@ -43,10 +57,10 @@ or
 }
 ```
 
-### Run global
+Now you can run locally or in your CI pipeline:
 
 ```bash
-better-npm-audit audit
+npm run audit
 ```
 
 <br />
@@ -58,16 +72,14 @@ better-npm-audit audit
 | `--level`         | `-l`  | Same as the original `--audit-level` flag                                                                                     |
 | `--production`    | `-p`  | Skip checking `devDependencies`                                                                                               |
 | `--ignore`        | `-i`  | For skipping certain advisories                                                                                               |
-| `--full`          | `-f`  | Display full audit report. There is a character limit set to the audit report to prevent overwhelming details to the console. |
-| `--display-notes` | `-d`  | Display the reasons of matched exceptions from `.nsprc` file.                                                                 |
 
 <br />
 
 ## Environment Variables
 
 | Variable                             | Description                                                                                                       |
 | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------- |
-| `process.env.NPM_CONFIG_AUDIT_LEVEL` | Used in setting the audit level. <br /> *Note: this will be disregard if the audit level flag is passed onto the command.* |
+| `NPM_CONFIG_AUDIT_LEVEL` | Used in setting the audit level. <br /> *Note: this will be disregard if the audit level flag is passed onto the command.* |
 
 <br />
 
@@ -78,153 +90,23 @@ You may add a file `.nsprc` to your project root directory to manage the excepti
 ```json
 {
   "1337": {
-    "ignore": true,
-    "reason": "Ignored since we don't use xxx method",
+    "active": true,
+    "notes": "Ignored since we don't use xxx method",
     "expiry": 1615462134681
   },
   "4501": {
-    "ignore": false,
-    "reason": "Ignored since we don't use xxx method"
+    "active": false,
+    "notes": "Ignored since we don't use xxx method"
   },
   "980": "Ignored since we don't use xxx method",
-  "Note": "Any non number key will be ignored"
+  "Note": "Any non number key will not be excepted"
 }
 ```
 
-<br />
-
-## Examples
-
-**NPM v6**
-
-Running `node node_modules/better-npm-audit audit` with vulnerabilities, will receive the error:
-
-```bash
-2 vulnerabilities found. Node security advisories: 118,577
-```
-
-Added the ignore flags `node node_modules/better-npm-audit audit -i 118,577` and rerun:
-
-```bash
-Executing script: audit
-
-to be executed: "node node_modules/better-npm-audit audit -i 118,577"
-Exception Vulnerabilities IDs:  [ '118', '577' ]
-=== npm audit security report ===
-
-
-                                 Manual Review
-             Some vulnerabilities require your attention to resolve
-
-          Visit https://go.npm.me/audit-guide for additional guidance
+When using `.nsprc` file, you will see this report display when it starts running:
 
+<img src="./.README/exceptions_table.png" alt="Demo of table displaying a list of exceptions" width="820"/>
 
-  High            Regular Expression Denial of Service
-
-  Package         minimatch
-
-  Patched in      >=3.0.2
-
-  Dependency of   semantic-ui
-
-  Path            semantic-ui > gulp > vinyl-fs > glob-stream > glob >
-                  minimatch
-
-  More info       https://nodesecurity.io/advisories/118
-
-
-  High            Regular Expression Denial of Service
-
-  Package         minimatch
-
-  Patched in      >=3.0.2
-
-  Dependency of   semantic-ui
-
-  Path            semantic-ui > gulp > vinyl-fs > glob-watcher > gaze >
-                  globule > minimatch
-
-  More info       https://nodesecurity.io/advisories/118
-
-
-  Low             Prototype Pollution
-
-  Package         lodash
-
-  Patched in      >=4.17.5
-
-  Dependency of   semantic-ui
-
-  Path            semantic-ui > gulp > vinyl-fs > glob-watcher > gaze >
-                  globule > lodash
-
-  More info       https://nodesecurity.io/advisories/577
-
-found 5 vulnerabilities (1 low, 4 high) in 30441 scanned packages
-  5 vulnerabilities require manual review. See the full report for details.
-
-🤝  All good
-```
-
-**NPM v7**
-
-```bash
-# npm audit report
-
-bl  <=1.2.2 || 2.0.1 - 2.2.0 || 3.0.0 || 4.0.0 - 4.0.2
-Severity: high
-Remote Memory Exposure - https://npmjs.com/advisories/1555
-fix available via `npm audit fix`
-node_modules/bl
-
-dot-prop  <4.2.1 || >=5.0.0 <5.1.1
-Severity: high
-Prototype Pollution - https://npmjs.com/advisories/1213
-fix available via `npm audit fix`
-node_modules/dot-prop
-
-mem  <4.0.0
-Denial of Service - https://npmjs.com/advisories/1084
-fix available via `npm audit fix`
-node_modules/loopback-connector-rest/node_modules/mem
-  os-locale  2.0.0 - 3.0.0
-  Depends on vulnerable versions of mem
-  node_modules/loopback-connector-rest/node_modules/os-locale
-    strong-globalize  2.8.4 || 2.10.0 - 4.1.1
-    Depends on vulnerable versions of os-locale
-    node_modules/loopback-connector-rest/node_modules/strong-globalize
-
-swagger-ui  <=3.20.8
-Severity: moderate
-Reverse Tabnapping - https://npmjs.com/advisories/975
-Cross-Site Scripting - https://npmjs.com/advisories/976
-Cross-Site Scripting - https://npmjs.com/advisories/985
-fix available via `npm audit fix --force`
-Will install loopback-component-explorer@2.7.0, which is a breaking change
-node_modules/swagger-ui
-  loopback-component-explorer  >=3.0.0
-  Depends on vulnerable versions of swagger-ui
-  node_modules/loopback-component-explorer
-
-yargs-parser  <=13.1.1 || 14.0.0 - 15.0.0 || 16.0.0 - 18.1.1
-Prototype Pollution - https://npmjs.com/advisories/1500
-fix available via `npm audit fix`
-node_modules/mocha/node_modules/yargs-parser
-node_modules/yargs-unparser/node_modules/yargs-parser
-  mocha  1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0
-  Depends on vulnerable versions of mkdirp
-  Depends on vulnerable versions of yargs-parser
-  Depends on vulnerable versions of yargs-unparser
-  node_modules/mocha
-  yargs  4.0.0-alpha1 - 12.0.5 || 14.1.0 || 15.0.0 - 15.2.0
-  Depends on vulnerable versions of yargs-parser
-  node_modules/yargs-unparser/node_modules/yargs
-    yargs-unparser  1.1.0 - 1.5.0
-    Depends on vulnerable versions of yargs
-    node_modules/yargs-unparser
-
-18 vulnerabilities (14 low, 2 moderate, 2 high)
-```
 
 <br />