Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

add module-ignore flag #71

Merged
merged 3 commits into from Feb 23, 2022
Merged

add module-ignore flag #71

merged 3 commits into from Feb 23, 2022

Conversation

ghost
Copy link

@ghost ghost commented Feb 20, 2022
edited by ghost
Loading

Description
To address feature request: #69

This fixes the issue where vulnerabilities disputed by package owners causes ever changing vulnerability ids in the audit report. In my repo I have to a seemingly infinite number of ids to my .nsprc to manage the currently disputed lodash issue:
Screen Shot 2022-02-20 at 5 43 33 PM

Having a single flag to ignore lodash rather than w/e next id pops up for the same vulnerability is a huge time saver in a team environment :).

TODO

  • Add module-ignore flag
  • fix unit tests breaking due to expiry dates (unrelated to addition of flag)
  • README update
  • add unit tests for new flag
  • test flag locally in consuming repo

Screenshots
Tested via npm link
No flags, remove nsprc code for lodash (1 module):
no-flags

-m flag 1 module:
m-flag

--module-ignore flag 1 module:
module-ignore-flag

--module-ignore flag 2 modules (removed lodash and hermes-engine ids from nsprc):
2 modules

@jeemok @GrzesiekP @IPWright83

@ghost ghost marked this pull request as draft February 20, 2022 19:59
ghost
ghost commented Feb 20, 2022
View reviewed changes
test/utils/vulnerability.test.ts
expect(result).to.have.length(8).and.deep.equal([1165, 1890, 985, 1213, 1654, 2000, 2001, 2100]);
expect(result).to.have.length(7).and.deep.equal([1165, 1890, 985, 1213, 2000, 2001, 2100]);
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mock data had some data points that had gone past the set expiration date, requiring the test fixes in this file

@ghost ghost marked this pull request as ready for review February 21, 2022 01:38
@bestfoodalex
Copy link

+1 on this update. Would help us tremendously. Thanks @alexburkowskypolysign

@jeemok jeemok self-assigned this Feb 23, 2022
@jeemok
Copy link
Owner

jeemok commented Feb 23, 2022

this is a great feature, thank you for contributing @alexburkowskypolysign !

@jeemok jeemok merged commit f510d98 into jeemok:master Feb 23, 2022
@ghost
Copy link
Author

ghost commented Feb 23, 2022

You are very welcome @jeemok! Thanks for merging

@ghost ghost deleted the issue-69-ignore-by-module-name branch February 23, 2022 17:46
@Sujay-shetty
Copy link

will it support if we include in .nsprc file as well ?

@jeemok
Copy link
Owner

jeemok commented Mar 15, 2022

@Sujay-shetty not currently, but definitely sounds like a good feature. Can you help to create a new issue and we can track it from there?

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees

@jeemok jeemok

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bestfoodalex @jeemok @Sujay-shetty