Conversation
@zkat Could you help me here? I don't know where you define the extra params so that the unit test passes... |
@luislobo so since this is meant to be greppable, what about using Try |
@zkat I just checked |
I was also thinking of making |
…list of results, with no titles or summaries. Allows for colors. Added docs
@zkat @evilpacket I've just updated both npm/npm-audit-report#10 and here to match what you have suggested. I hope this lines up with what might be a good solution for everyone out there. |
Finally, one thing that I did, is group by severity, so that the output is sorted by High, Moderate, and Low |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While we're adding --parseable
we should add --json
as well. There's already a npm-audit-report
JSON reporter so adding it should be very little work.
To land this will need to have passing tests. The failure on Node 6 can be fixed be rebasing on to the current version of the branch. The other issues seem to be formatting issues that are making our linter unhappy.
@legodude17 One thing I noticed about #20568. is that it doesn't add Docs or help. I'll add it in this branch if you all are OK. |
@luislobo Not my call to make |
@iarna I fixed the |
Remove unused variable
This param needs npm/npm-audit-report#21 |
@zkat Any chance this can be added to next releases? We are using it internally and really saves time checking all our modules (have more than 40) but we have to keep updating whenever there's a new npm version. Thanks! |
@zkat any chance to get this one reviewed? |
I got around to merging all the PRs on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we're good, I think! Thank you!
How and why the current situation is problematic: npm is too verbose for purposes like doing a `| grep critical' and having real useful information for automated tools
By adding a new
--list
parameter this situation can be handled, being also an optional one. For a detailed list of changes/updates needed, there still always is the defaultaudit
command.Use cases: when automating security audits, the result can easily be parsed by any tool.
Any caveats: Needs npm/npm-audit-report#10. There is a TODO comment in that PR that needs to be answered/addressed.