[BUG] npm audit fix is not returning the arborist diff #3531

naugtur · 2021-07-09T19:01:28Z

Is there an existing issue for this?

Current Behavior

npm audit fix --json produces a summary with numbers of items added/removed/updated etc.

Expected Behavior

npm audit fix --json returns enough information to deduce:

dependency tree path (in any reasonable form)
package name (could be included in path)
advisory id
(nice to have) was it a breaking version bump

So that npm-audit-resolver and other tools could keep track of what has been fixed:
"1754|cssnano>cssnano-preset-default>postcss-svgo>svgo>css-select>css-what": {
"decision": "fix",
"madeAt": 1625857145332
},

Steps To Reproduce

npm init -y
npm i lodash@4.17.0
npm audit fix --json

Environment

OS: any
Node: any
npm: 7

The text was updated successfully, but these errors were encountered:

naugtur added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Jul 9, 2021

naugtur mentioned this issue Sep 22, 2021

Open RFC Meeting - Wednesday, September 22, 2021, 2:00 PM EST npm/rfcs#461

Closed

nlf added Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Mar 8, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] npm audit fix is not returning the arborist diff #3531

[BUG] npm audit fix is not returning the arborist diff #3531

naugtur commented Jul 9, 2021 •

edited

[BUG] npm audit fix is not returning the arborist diff #3531

[BUG] npm audit fix is not returning the arborist diff #3531

Comments

naugtur commented Jul 9, 2021 • edited

Is there an existing issue for this?

Current Behavior

Expected Behavior

Steps To Reproduce

Environment

naugtur commented Jul 9, 2021 •

edited