Show skip reason on output

[pyymenta]

Hi there,

First of all, I have to say that you guys are doing a good job with this lib!

Then, here's my question:

There's a way to show the ignore reason of each vulnerabilities as we show the advisories id?

Thank you guys!

[jeemok]

thanks, @pyymenta! yeah, I think that's a good idea and definitely doable, will make the changes this weekend! Is there any display format you'd prefer? (since you're the feature requester 😃 ) I'm thinking maybe:

Exception vulnerabilities ID(s): 
- 1674: This is not impacting our application after investigation
- 1678: n/a
- 1677: This will be fixed by the library maintainers by June 14
- 1747: Temporary skipping this now. NOTE: Further investigation needed
- 1748: n/a

[pyymenta]

thanks, @pyymenta! yeah, I think that's a good idea and definitely doable, will make the changes this weekend! Is there any display format you'd prefer? (since you're the feature requester ) I'm thinking maybe:

Exception vulnerabilities ID(s): 
- 1674: This is not impacting our application after investigation
- 1678: n/a
- 1677: This will be fixed by the library maintainers by June 14
- 1747: Temporary skipping this now. NOTE: Further investigation needed
- 1748: n/a

Seems great @jeemok!! Love it! We could have an option to enable/disable this feature too.

Thank you guys, if you need some help, feel free to ask me! I'd be glad to help you!

[jeemok]

I think the option to enable/disable this feature is a good idea, any idea what should we name the flag?

[pyymenta]

I think the option to enable/disable this feature is a good idea, any idea what should we name the flag?

I think this could be a flag in the .nsprc file:

{
  logIgnoreReason: true,
}

Because we won't specify the ignore reason of each advisories outside of .nsprc file. What do you think?

[jeemok]

ah I was thinking a general flag like --show-reason or --display-skip-notes, it might be useful if we want to display all the notes, or not display (I think this two will be the common use cases)

[jeemok]

How does this look? with flag --display-notes

[jeemok]

@pyymenta I've published the beta version, you can install it by installing better-npm-audit@next. Please let me know if it works well for you and I'll put it into the main version

[pyymenta]

Seems great @jeemok!

Could we add some \n?

Exception vulnerabilities ID(s): 1674,1677,1678,1693,1747,1748

Exceptions notes:

1674: Ignored since we don't use yyy method
1677: Ignored since we don't use yyy method
1678: Ignored since we don't use yyy method
1693: Ignored since we don't use yyy method
1747: Ignored since we don't use xxx method
1748: Ignored since we don't use yyy method

# npm audit report

browserslist  4.0.0 - 4.16.4
Severity: moderate

Good job!! ❤️

[jeemok]

no problem :)

[pyymenta]

Good job @jeemok 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏 👏

Thank you!

[jeemok]

thanks @pyymenta ! 👍🏻