
[Feature] Add number of vuln count per type to npm audit fix output #2070

Open
ruyadorno opened this issue Oct 28, 2020 · 1 comment
Labels
Enhancement new feature or improvement Release 7.x work is associated with a specific npm 7 release

Comments

@ruyadorno
Collaborator

Currently reify-output will also print the number of vulns per type, e.g.:

found 611 vulnerabilities (608 low, 3 high)
  run `npm audit fix` to fix them, or `npm audit` for details

It should also implement this style of count per type for npm audit fix output.

Current output:

fixed 606 of 611 vulnerabilities in 1618 scanned packages
  5 vulnerabilities required manual review and could not be updated

Proposed output:

fixed 606 of 611 vulnerabilities in 1618 scanned packages
  5 vulnerabilities (2 low, 3 high) required manual review and could not be updated

from: npm/rfcs#266

@ruyadorno ruyadorno added Release 7.x work is associated with a specific npm 7 release Enhancement new feature or improvement labels Oct 28, 2020
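One way to produce the proposed per-severity breakdown, as an added example that is not npm's code or part of this issue; it assumes the `npm audit --json` vulnerability shape (a `severity` string and a `fixAvailable` field per entry) and uses placeholder package names.

```javascript
// Added example, not npm's own code. Assumed input shape (npm audit --json):
// `vulnerabilities` entries carry a `severity` string and a `fixAvailable`
// field that is true (non-breaking fix), false (no fix) or an object (breaking).
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical']; // lowest first

// Count entries per severity; unknown severities are ignored.
function countBySeverity(vulns) {
  const counts = Object.fromEntries(SEVERITIES.map(s => [s, 0]));
  for (const v of Object.values(vulns)) {
    if (v.severity in counts) counts[v.severity] += 1;
  }
  return counts;
}

// Render " (2 low, 3 high)"; zero counts are omitted, '' when nothing to show.
function severityBreakdown(counts) {
  const parts = SEVERITIES.filter(s => counts[s] > 0).map(s => `${counts[s]} ${s}`);
  return parts.length ? ` (${parts.join(', ')})` : '';
}

const plural = n => (n === 1 ? 'vulnerability' : 'vulnerabilities');
// Build the summary lines: entries with a non-breaking fix count as fixed;
// the rest are reported with their own per-severity breakdown.
function auditFixSummary(vulns, scannedPackages) {
  const total = Object.keys(vulns).length;
  const remaining = Object.fromEntries(
    Object.entries(vulns).filter(([, v]) => v.fixAvailable !== true));
  const left = Object.keys(remaining).length;
  const lines = [`fixed ${total - left} of ${total} ${plural(total)} in ${scannedPackages} scanned packages`];
  if (left > 0) {
    lines.push(`  ${left} ${plural(left)}${severityBreakdown(countBySeverity(remaining))}` +
      ' required manual review and could not be updated');
  }
  return lines.join('\n');
}

// Constructed sample in the assumed shape (placeholder package names).
const breaking = { name: 'pkg-root', version: '2.0.0', isSemVerMajor: true };
const SAMPLE_VULNS = {
  'pkg-a': { severity: 'low', fixAvailable: breaking },
  'pkg-b': { severity: 'low', fixAvailable: breaking },
  'pkg-c': { severity: 'high', fixAvailable: false },
  'pkg-d': { severity: 'high', fixAvailable: false },
  'pkg-e': { severity: 'high', fixAvailable: false },
  'pkg-f': { severity: 'moderate', fixAvailable: true },
  'pkg-g': { severity: 'critical', fixAvailable: true },
  'pkg-h': { severity: 'low', fixAvailable: true },
};
console.log(auditFixSummary(SAMPLE_VULNS, 1618));
```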
@salesh

salesh commented Oct 30, 2020

Hi @ruyadorno, isn't it the case that in the latest version 7

For example

npm audit


6 vulnerabilities (4 low, 2 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

npm audit fix

now it's just showing "up to date" and, at the bottom, the severity vulnerabilities


up to date, audited 509 packages in 3s

1 package is looking for funding
  run `npm fund` for details

# npm audit report

minimist  <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via `npm audit fix --force`
Will install express-generator@4.2.0, which is a breaking change
node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/express-generator/node_modules/mkdirp
    express-generator  >=4.8.0
    Depends on vulnerable versions of mkdirp
    node_modules/express-generator

3 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Maybe I am missing something.
