Add vulnerability ID to regular and verbose output #23
Comments
Thanks for the request. I will look into the issues this week and will get a new version out as soon as possible.
I have added the The vulnerability IDs are always reported in the standard output. I have not yet fixed the XML output, though I will see about fixing that soon (ish). I expect that at some point in the future I will rewrite the command line arguments, probably a version 3.0. At that time I will keep the current interface so as not to break any integrations, but will provide a cleaner interface at the same time. This will hopefully clean some things up. Till then I will be providing command line options for users looking for different behaviours.
Here's an example from stdout, I don't see what part of this is the vulnerability ID:
That is definitely not the output I expect. Just before "Affected Versions" you should see an "ID: 12345" line. What version of auditjs are you using? I will double check to ensure I published properly, and if so I will look to see if I missed something.
I just updated to v2.2.8 and now I see it:
Thanks!
Awesome. My pleasure. Thanks for the feedback and help!
Running auditjs naively in my project gives me an exit code of 3 and one security issue (sockjs/sockjs-node#217). Since this is not used in production for our application (tracing the dependency points to `express` and `webpack-dev-server`), I'd like to disable it.

The guide says to run `auditjs -r`, however when I do that, this issue is not output in the resulting xml file. The output also seems to report a lot more security issues than running without arguments. Probably also listing vulnerabilities that do not apply, so, safe enough I guess.

Running `auditjs -v` outputs all of the vulnerabilities, but without IDs again.

So a few things:
auditjs -r