You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In many cases there's not much that you can do for the vulnerability at the time it is alerted. However, maybe the fix is being worked on but not released. For this purpose it would make sense to have expiry times for ignored vulnerabilities so that the developer remembers to check it again after a while. For the reference, better-npm-audit support such functionality via expiry field: https://github.com/jeemok/better-npm-audit#using-nsprc-file-to-manage-exceptions
The text was updated successfully, but these errors were encountered:
This would also be useful in cases where a policy dictates different time windows for different levels of advisory (e.g. 7 days for low vulnerabilities, 24 hours for critical etc). Without this addition, the only option is to either immediately action the fix, or to add the advisory to the ignored list, where it can easily be forgotten.
In many cases there's not much that you can do for the vulnerability at the time it is alerted. However, maybe the fix is being worked on but not released. For this purpose it would make sense to have expiry times for ignored vulnerabilities so that the developer remembers to check it again after a while. For the reference,
better-npm-audit
support such functionality viaexpiry
field: https://github.com/jeemok/better-npm-audit#using-nsprc-file-to-manage-exceptionsThe text was updated successfully, but these errors were encountered: