This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Allow adding npm audit exceptions #20565
I would like a feature like this as well, but ideally when adding an exception I would like to be able to state
e.g.

    exceptions: [
      {
        advisory: "https://nodesecurity.io/advisories/612",
        path: "webpack > watchpack > chokidar > fsevents > node-pre-gyp > rc > deep-extend",
        reason: "vulnerable code path not reachable"
      }
    ]

It would be awesome if there was some sort of wizard which would generate the above with prompting driven by the audit results. I had a quick look at the snyk equivalent of this feature, and it also supports an expiry date on the exception, which seems like a decent idea (although it doesn't have a concept of path). The reason I think |
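A sketch of how a tool could apply exceptions of the shape proposed in the comment above, as an added example that is not npm's code or part of the original thread. The findings format, the `expires` field name and the `applyExceptions` and `demo` helpers are assumptions; the second advisory URL and the extra paths are constructed placeholders.

```javascript
// Added example. An exception suppresses a finding only when advisory AND
// dependency path match exactly, a reason is recorded, and it has not expired.
function applyExceptions(findings, exceptions, now = new Date()) {
  const used = new Set();
  const reported = [];
  const suppressed = [];
  for (const finding of findings) {
    const idx = exceptions.findIndex((ex) =>
      ex.advisory === finding.advisory &&
      // Exact path match: the same advisory reached via another path stays visible.
      ex.path === finding.path &&
      typeof ex.reason === "string" && ex.reason.trim() !== "" &&
      // An unparsable date yields NaN, the comparison is false, so it fails closed.
      (!ex.expires || new Date(ex.expires) > now));
    if (idx === -1) {
      reported.push(finding);
    } else {
      used.add(idx);
      suppressed.push({ ...finding, reason: exceptions[idx].reason });
    }
  }
  // Exceptions that suppressed nothing (expired, or the dependency is gone)
  // are returned so they can be reviewed and removed.
  const stale = exceptions.filter((_, i) => !used.has(i));
  return { reported, suppressed, stale };
}

// Constructed sample data; only the first advisory URL and path come from the page.
function demo() {
  const pagePath =
    "webpack > watchpack > chokidar > fsevents > node-pre-gyp > rc > deep-extend";
  const placeholder = "https://example.invalid/advisories/PLACEHOLDER";
  const exceptions = [
    { advisory: "https://nodesecurity.io/advisories/612", path: pagePath,
      reason: "vulnerable code path not reachable", expires: "2019-06-30" },
    { advisory: placeholder, path: "example-app > example-dep",
      reason: "fix scheduled", expires: "2018-12-01" }, // already expired
  ];
  const findings = [
    { advisory: "https://nodesecurity.io/advisories/612", path: pagePath },
    { advisory: "https://nodesecurity.io/advisories/612",
      path: "example-cli > rc > deep-extend" },
    { advisory: placeholder, path: "example-app > example-dep" },
  ];
  return applyExceptions(findings, exceptions, new Date("2019-01-01T00:00:00Z"));
}
```

Returning the stale exceptions alongside the reported findings keeps an allowlist from silently outliving the dependency or the review date it was written for.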
Without this feature impossible replace |
What's the feature?
Add the ability to whitelist certain vulnerabilities during npm audit.
What problem is the feature intended to solve?
Allow adding exceptions for vulnerabilities so they don't show up in npm audit.
Is the absence of this feature blocking you or your team? If so, how?
No.
Is this feature similar to an existing feature in another tool?
NSP had it. You could have an .nsprc file that looked like this:
Is this a feature you're prepared to implement, with support from the npm CLI team?
I'll assist as much as I can.