> better-npm-audit@3.5.1 test > mocha -r ts-node/register test/**/*.test.ts Flags default ✓ should be able to handle default correctly --exclude ✓ should be able to pass exception IDs using the command flag smoothly ✓ should info log the vulnerabilities if it is only passed in command line ✓ should not info log the vulnerabilities if there are no exceptions given --production ✓ should be able to set production mode from the command flag correctly --registry ✓ should be able to set registry from the command flag correctly --level ✓ should be able to pass audit level from the command flag correctly ✓ should be able to pass audit level from the environment variables correctly Events handling Failed parsing .nsprc file: SyntaxError: Unexpected end of JSON input ✓ should exit if unable to process the JSON buffer ✓ should be able to handle success case properly ✓ should be able to except vulnerabilities properly ✓ should be able to handle found vulnerabilities properly ✓ should inform the developer when exceptionsIds are unused Color utils #color ✓ should handle correctly without given colors specificed ✓ should be able to color message foreground correctly ✓ should be able to color message background correctly ✓ should be able to color message foreground and background correctly #getSeverityBgColor ✓ should return correctly Common utils #isJsonString ✓ should return true for valid JSON object Failed parsing .nsprc file: SyntaxError: Unexpected token a in JSON at position 0 ✓ should return false if it is not a valid JSON object #isWholeNumber ✓ should be able to determine a whole number #shortenNodePath ✓ should be able to shorten node path correctly Date utils #isValidDate ✓ should be able to determine a valid UNIX timestamp correctly #analyzeExpiry ✓ should return valid and not expired if not given any date ✓ should be able to detect invalid dates ✓ should be able to analyze the given timestamp correctly ✓ should be able to analyze the time difference correctly Print utils ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ === npm audit security report === ║ ║ ║ ║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║ ║ 975 │ swagger-ui │ Reverse Tabnapping │ loopback-component-explorer>swagger-ui │ moderate │ https://npmjs.com/advisories/975 │ n ║ ║ 976 │ swagger-ui │ Cross-Site Scripting │ loopback-component-explorer>swagger-ui │ moderate │ https://npmjs.com/advisories/976 │ n ║ ║ 985 │ swagger-ui │ Cross-Site Scripting │ loopback-component-explorer>swagger-ui │ moderate │ https://npmjs.com/advisories/985 │ n ║ ║ 1084 │ mem │ Denial of Service │ loopback-connector-rest>strong-globalize>os- │ low │ https://npmjs.com/advisories/1084 │ n ║ ║ │ │ │ locale>mem │ │ │ ║ ║ 1179 │ minimist │ Prototype Pollution │ mocha>mkdirp>minimist │ low │ https://npmjs.com/advisories/1179 │ n ║ ║ 1213 │ dot-prop │ Prototype Pollution │ nodemon>update-notifier>configstore>dot-prop │ high │ https://npmjs.com/advisories/1213 │ n ║ ║ 1500 │ yargs-parser │ Prototype Pollution │ mocha>yargs-parser │ low │ https://npmjs.com/advisories/1500 │ n ║ ║ │ │ │ mocha>yargs-unparser>yargs>yargs-parser │ │ │ ║ ║ 1523 │ lodash │ Prototype Pollution │ lodash │ low │ https://npmjs.com/advisories/1523 │ n ║ ║ │ │ │ loopback>async>lodash │ │ │ ║ ║ │ │ │ loopback>loopback-connector-remote>loopback- │ │ │ ║ ║ │ │ │ datasource-juggler>async>lodash │ │ │ ║ ║ │ │ │ loopback>loopback-datasource-juggler>async>lodash │ │ │ ║ ║ │ │ │ loopback>loopback-connector-remote>strong- │ │ │ ║ ║ │ │ │ remoting>loopback-phase>async>lodash │ │ │ ║ ║ │ │ │ ...and 40 more │ │ │ ║ ║ 1555 │ bl │ Remote Memory Exposure │ loopback>loopback-connector-remote>loopback- │ critical │ https://npmjs.com/advisories/1555 │ n ║ ║ │ │ │ datasource-juggler>loopback-connector>msgpack5>bl │ │ │ ║ ║ │ │ │ loopback>loopback-datasource-juggler>loopback- │ │ │ ║ ║ │ │ │ connector>msgpack5>bl │ │ │ ║ ║ │ │ │ loopback-connector-mongodb>loopback- │ │ │ ║ ║ │ │ │ connector>msgpack5>bl │ │ │ ║ ║ 1556 │ node-fetch │ Denial of Service │ loopback-connector-rest>strong-globalize>g11n- │ low │ https://npmjs.com/advisories/1556 │ n ║ ║ │ │ │ pipeline>swagger-client>cross-fetch>node-fetch │ │ │ ║ ║ 1589 │ ini │ Prototype Pollution │ nodemon>chokidar>fsevents>node-pre-gyp>rc>ini │ low │ https://npmjs.com/advisories/1589 │ n ║ ║ │ │ │ nodemon>update-notifier>is-installed- │ │ │ ║ ║ │ │ │ globally>global-dirs>ini │ │ │ ║ ║ │ │ │ nodemon>update-notifier>latest-version>package- │ │ │ ║ ║ │ │ │ json>registry-auth-token>rc>ini │ │ │ ║ ║ │ │ │ nodemon>update-notifier>latest-version>package- │ │ │ ║ ║ │ │ │ json>registry-url>rc>ini │ │ │ ║ ╚══════╧══════════════╧════════════════════════╧════════════════════════════════════════════════════╧══════════╧═══════════════════════════════════╧═════╝ ✓ v6 security report table visual ╔═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ === npm audit security report === ║ ║ ║ ║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║ ║ 1555 │ bl │ Remote Memory Exposure │ bl │ critical │ https://npmjs.com/advisories/1555 │ n ║ ║ 1213 │ dot-prop │ Prototype Pollution │ dot-prop │ high │ https://npmjs.com/advisories/1213 │ n ║ ║ 1589 │ ini │ Prototype Pollution │ fsevents>ini │ low │ https://npmjs.com/advisories/1589 │ n ║ ║ │ │ │ ini │ │ │ ║ ║ 1523 │ lodash │ Prototype Pollution │ lodash │ low │ https://npmjs.com/advisories/1523 │ n ║ ║ 1084 │ mem │ Denial of Service │ loopback-connector-rest>mem │ low │ https://npmjs.com/advisories/1084 │ n ║ ║ 1179 │ minimist │ Prototype Pollution │ mocha>minimist │ low │ https://npmjs.com/advisories/1179 │ n ║ ║ 1556 │ node-fetch │ Denial of Service │ node-fetch │ low │ https://npmjs.com/advisories/1556 │ n ║ ║ 975 │ swagger-ui │ Reverse Tabnapping │ swagger-ui │ moderate │ https://npmjs.com/advisories/975 │ n ║ ║ 976 │ swagger-ui │ Cross-Site Scripting │ swagger-ui │ moderate │ https://npmjs.com/advisories/976 │ n ║ ║ 985 │ swagger-ui │ Cross-Site Scripting │ swagger-ui │ moderate │ https://npmjs.com/advisories/985 │ n ║ ║ 1500 │ yargs-parser │ Prototype Pollution │ mocha>yargs-parser │ low │ https://npmjs.com/advisories/1500 │ n ║ ║ │ │ │ yargs-unparser>yargs-parser │ │ │ ║ ╚══════╧══════════════╧════════════════════════╧═════════════════════════════════════════════════╧══════════╧═══════════════════════════════════╧═════╝ ✓ v7 security report table visual ╔═══════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ === list of exceptions === ║ ║ ║ ║ ID │ Status │ Expiry │ Notes ║ ║ 1165 │ active │ │ ║ ║ 1890 │ active │ │ ║ ║ 975 │ expired │ Thu, 11 Mar 2021 11:28:54 GMT │ ║ ║ 976 │ inactive │ │ ║ ║ 985 │ active │ │ ║ ║ 1084 │ expired │ Thu, 11 Mar 2021 11:28:54 GMT │ Inactive package; consider replacing it. ║ ║ 1179 │ expired │ Thu, 11 Mar 2021 11:28:54 GMT │ ║ ║ 1213 │ active │ │ Ignored since we don't use xxx method ║ ║ 1556 │ expired │ Thu, 11 Mar 2021 11:28:54 GMT │ Issue: https://github.com/jeemok/better-npm-audit/issues/28 ║ ║ 1651 │ expired │ Thu, 11 Mar 2021 11:28:54 GMT │ This will be fixed by the maintainers by June 14 ║ ║ 1654 │ active │ Fri, 31 Dec 2021 16:00:00 GMT │ ║ ║ 2000 │ active │ Mon, 01 Jan 2024 00:00:00 GMT │ ║ ║ 2001 │ active │ Tue, 01 Jan 2030 00:00:00 GMT │ ║ ║ 2100 │ active │ │ Unused ║ ║ Note │ invalid │ │ personal note ║ ╚══════╧══════════╧═══════════════════════════════╧═════════════════════════════════════════════════════════════╝ ✓ exception table visual Vulnerability utils #mapLevelToNumber ✓ should be able to map audit level to correct numbers #getExceptionsIds ✓ should display the vulnerabilities from command line if .nsprc file not given 1) should combine the exceptions from command line and .nsprc file #processExceptions 2) should be able to process exceptions correctly 3) should be able to filter active exceptions and label correctly 4) should be able to filter inactive exceptions and label correctly 5) should be able to filter expired exceptions and label correctly 6) should be able to filter invalid exceptions and label correctly #processAuditJson npm v6 ✓ should be able to handle correctly for empty vulnerability scan ✓ should be able to except some of the reported vulnerabilities ✓ should be able to list all the reported vulnerabilities ✓ should be able to generate a report of all the reported vulnerabilities ✓ should be able to get info level vulnerabilities from JSON buffer ✓ should be able to get low level vulnerabilities from JSON buffer ✓ should be able to get moderate level vulnerabilities from JSON buffer ✓ should be able to get high level vulnerabilities from JSON buffer ✓ should be able to get critical level vulnerabilities from JSON buffer npm v7 ✓ should be able to handle correctly for empty vulnerability scan ✓ should be able to except some of the reported vulnerabilities ✓ should be able to list all the reported vulnerabilities ✓ should be able to generate a report of all the reported vulnerabilities ✓ should be able to get info level vulnerabilities from JSON buffer ✓ should be able to get low level vulnerabilities from JSON buffer ✓ should be able to get moderate level vulnerabilities from JSON buffer ✓ should be able to get high level vulnerabilities from JSON buffer ✓ should be able to get critical level vulnerabilities from JSON buffer 50 passing (180ms) 6 failing 1) Vulnerability utils #getExceptionsIds should combine the exceptions from command line and .nsprc file: AssertionError: expected [ Array(7) ] to have a length of 8 but got 7 + expected - actual -7 +8 at Context. (test/utils/vulnerability.test.ts:42:30) at processImmediate (node:internal/timers:463:21) 2) Vulnerability utils #processExceptions should be able to process exceptions correctly: AssertionError: expected [ Array(7) ] to have a length of 8 but got 7 + expected - actual -7 +8 at Context. (test/utils/vulnerability.test.ts:54:43) at processImmediate (node:internal/timers:463:21) 3) Vulnerability utils #processExceptions should be able to filter active exceptions and label correctly: AssertionError: expected [ 985, 1213, 2000, 2001, 2100 ] to have a length of 6 but got 5 + expected - actual -5 +6 at Context. (test/utils/vulnerability.test.ts:61:67) at processImmediate (node:internal/timers:463:21) 4) Vulnerability utils #processExceptions should be able to filter inactive exceptions and label correctly: AssertionError: expected [ 985, 1213, 2000, 2001, 2100 ] to have a length of 6 but got 5 + expected - actual -5 +6 at Context. (test/utils/vulnerability.test.ts:72:67) at processImmediate (node:internal/timers:463:21) 5) Vulnerability utils #processExceptions should be able to filter expired exceptions and label correctly: AssertionError: expected [ 985, 1213, 2000, 2001, 2100 ] to have a length of 6 but got 5 + expected - actual -5 +6 at Context. (test/utils/vulnerability.test.ts:84:67) at processImmediate (node:internal/timers:463:21) 6) Vulnerability utils #processExceptions should be able to filter invalid exceptions and label correctly: AssertionError: expected [ 985, 1213, 2000, 2001, 2100 ] to have a length of 6 but got 5 + expected - actual -5 +6 at Context. (test/utils/vulnerability.test.ts:98:67) at processImmediate (node:internal/timers:463:21)