diff --git a/.README/unused_exception.png b/.README/unused_exception.png
index ea07188..ac3992f 100644
Binary files a/.README/unused_exception.png and b/.README/unused_exception.png differ
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 046800e..b94f4d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-## Next: 2.0.3-rc
+## 2.0.4 (June 22, 2021)
 ### Notable changes
@@ -23,7 +23,7 @@
 * Added `.github/FUNDING.yml`
 * Updated `README.md`
-## Closed issues
+### Closed issues
 * [#20](https://github.com/jeemok/better-npm-audit/issues/20) Provide more output when parsing exceptions file
 * [#27](https://github.com/jeemok/better-npm-audit/issues/27) Hide excepted vulnerabilities from output
diff --git a/index.js b/index.js
index 072558f..38e589e 100755
--- a/index.js
+++ b/index.js
@@ -44,9 +44,11 @@ function handleFinish(jsonBuffer, auditLevel, exceptionIds) {
 // Display the unused exceptionId's
 if (unusedExceptionIds.length) {
- // eslint-disable-next-line max-len
- const message = `${unusedExceptionIds.length} vulnerabilities where excluded but did not result in a vulnerabilities: ${unusedExceptionIds.join(', ')}. They can be removed from the .nsprc file or --exclude -x flags.`;
- console.warn(message);
+ const messages = [
+ `${unusedExceptionIds.length} of the excluded vulnerabilities did not match any of the found vulnerabilities: ${unusedExceptionIds.join(', ')}.`,
+ `${unusedExceptionIds.length > 1 ? 'They' : 'It'} can be removed from the .nsprc file or --exclude -x flags.`,
+ ];
+ console.warn(messages.join(' '));
 }
 // Display the found unhandled vulnerabilities
diff --git a/package-lock.json b/package-lock.json
index 93c61a9..a95d943 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "better-npm-audit",
- "version": "2.0.3-rc",
+ "version": "2.0.4",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 351d9cf..38fee11 100644
--- a/package.json
+++ b/package.json
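Review bot: The reworded warning in `handleFinish` still says an unused exclusion "can be removed", and nothing near the `if (unusedExceptionIds.length)` block records why that matters for an audit tool. An exclusion that matches no current advisory presumably stays active in `.nsprc` or the `--exclude` flags, so if the same advisory ID appears again after a dependency change it would be hidden without anyone re-reviewing it. I would add a comment above the `if`, such as `// Unused exclusions are latent suppressions: report them so they are removed before the advisory can resurface unnoticed.`, and consider "should be removed" in the second string (the expected messages in test/index.js would need the same wording). The function body starts and ends outside this hunk.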
@@ -1,8 +1,8 @@
 {
 "name": "better-npm-audit",
- "version": "2.0.3-rc",
+ "version": "2.0.4",
 "author": "Jee Mok ",
- "description": "Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.",
+ "description": "Reshape npm audit into the way the community would like, by the community itself, to encourage more people to do security audits.",
 "license": "MIT",
 "repository": {
 "type": "git",
diff --git a/test/index.js b/test/index.js
index eee181d..3c381bb 100644
--- a/test/index.js
+++ b/test/index.js
@@ -91,7 +91,8 @@ describe('Events handling', () => {
 const consoleInfoStub = sinon.stub(console, 'info');
 const jsonBuffer = JSON.stringify(V6_JSON_BUFFER);
 const auditLevel = 'info';
- const exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001, 2002];
+
+ let exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001];
 expect(processStub.called).to.equal(false);
 expect(consoleErrorStub.called).to.equal(false);
@@ -107,8 +108,17 @@ describe('Events handling', () => {
 expect(consoleInfoStub.called).to.equal(true); // Print security report
 expect(consoleWarnStub.called).to.equal(true);
+
+ // Message for one unused exception
+ // eslint-disable-next-line max-len
+ let message = `1 of the excluded vulnerabilities did not match any of the found vulnerabilities: 2001. It can be removed from the .nsprc file or --exclude -x flags.`;
+ expect(consoleWarnStub.calledWith(message)).to.equal(true);
+
+ // Message for multiple unused exceptions
+ exceptionIds = [975, 976, 985, 1084, 1179, 1213, 1500, 1523, 1555, 2001, 2002];
+ handleFinish(jsonBuffer, auditLevel, exceptionIds);
 // eslint-disable-next-line max-len
- const message = `2 vulnerabilities where excluded but did not result in a vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or --exclude -x flags.`;
+ message = `2 of the excluded vulnerabilities did not match any of the found vulnerabilities: 2001, 2002. They can be removed from the .nsprc file or --exclude -x flags.`;
 expect(consoleWarnStub.calledWith(message)).to.equal(true);
 processStub.restore();
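Review bot: Both `calledWith(message)` assertions run against the same `consoleWarnStub`, whose call history accumulates across the two `handleFinish` calls, so neither check is tied to the call it is meant to cover. Adding `consoleWarnStub.resetHistory();` before the second `handleFinish(jsonBuffer, auditLevel, exceptionIds);`, or moving the multiple-exceptions case into its own `it`, would isolate the two scenarios and let `exceptionIds` and `message` (changed to `let` here and in the previous hunk) stay `const`. The first `handleFinish` call and the enclosing test start outside the hunk, so the shared setup is inferred from the stubs visible here.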