Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(audit): add filtering by severity level #6716

Merged
merged 2 commits into from
Mar 17, 2019
Merged

feat(audit): add filtering by severity level #6716

merged 2 commits into from
Mar 17, 2019

Conversation

rogeriopvl
Copy link
Contributor

Summary

This pull request implements the feature requested in #6668.

It basically adds a --level flag to the audit command allowing to filter the audit output by severity greater than or equal to the provided value which can be (info, low, moderate, high or critical).

Test plan

Example:

yarn audit --level high

This outputs all advisories ranked high and critical.

By default without this new flag, the audit command will behave as it always did.

@rogeriopvl
Copy link
Contributor Author

appveyor is failing on an unrelated test 🤔

@ghamaide
Copy link

any updates on this PR? It would help a lot :-)

@rogeriopvl rogeriopvl force-pushed the feat/audit-filter-by-severity-level branch from 2d2d53f to e82b2bc Compare November 26, 2018 11:28
rally25rs
rally25rs reviewed Mar 8, 2019
View reviewed changes
src/cli/commands/audit.js Outdated Show resolved Hide resolved
rally25rs
rally25rs reviewed Mar 8, 2019
View reviewed changes
src/cli/commands/audit.js Outdated Show resolved Hide resolved
@rogeriopvl rogeriopvl force-pushed the feat/audit-filter-by-severity-level branch from e82b2bc to adced14 Compare March 8, 2019 19:42
@buildsize
Copy link

buildsize bot commented Mar 8, 2019
edited
Loading

File name Previous Size New Size Change
yarn-[version].noarch.rpm 1.11 MB 1.1 MB -2.34 KB (0%)
yarn-[version].js 4.47 MB 4.47 MB -3.32 KB (0%)
yarn-legacy-[version].js 4.66 MB 4.66 MB -3.69 KB (0%)
yarn-v[version].tar.gz 1.12 MB 1.11 MB -1.92 KB (0%)
yarn_[version]all.deb 815.75 KB 814.58 KB -1.17 KB (0%)

@rogeriopvl rogeriopvl force-pushed the feat/audit-filter-by-severity-level branch from adced14 to e199b89 Compare March 8, 2019 19:48
@rogeriopvl
Copy link
Contributor Author

@rally25rs fixed :)

@rogeriopvl rogeriopvl force-pushed the feat/audit-filter-by-severity-level branch 2 times, most recently from f73629a to febd463 Compare March 11, 2019 10:21
@rally25rs
Copy link
Contributor

@rogeriopvl looks like there are some merge conflicts now due to another PR that touched audit.js. Would you mind taking a look into resolving these? Then I'll get this merged in. Sorry for the delay.

@rogeriopvl rogeriopvl force-pushed the feat/audit-filter-by-severity-level branch from febd463 to 970b3d9 Compare March 17, 2019 15:02
@rogeriopvl
Copy link
Contributor Author

@rally25rs Should be good now

@rally25rs rally25rs merged commit 298e0ea into yarnpkg:master Mar 17, 2019
@rally25rs rally25rs mentioned this pull request Apr 4, 2019
Closed
@amitrai99
Copy link

amitrai99 commented Sep 26, 2019
edited
Loading

I'm on yarn version v1.13.0 and using the filter param does not do anything. I can see issues with all severity levels in the report.

yarn audit --level high

or

yarn audit --level=high

both don't do anything for filtering.

@MrJadaml
Copy link

Also not seeing output get filtered when using the --level flag.

In the mean time I am using the following command:
yarn audit | grep -A 12 [LEVEL]
i.e.
yarn audit | grep -A 12 high

@robertlagrant
Copy link

I have the same problem - here it is running in a Docker build:

Step 9/28 : RUN yarn audit --level high
 ---> Running in 13868852e5e2
yarn audit v1.19.1
63 vulnerabilities found - Packages audited: 37010
Severity: 63 Low
Done in 1.79s.
The command '/bin/sh -c yarn audit --level high' returned a non-zero code: 2

@hkdobrev
Copy link

Both the --level and --group filters do not do anything anymore. I'm on Yarn version 1.22.10.

@cyberfox1

This comment has been minimized.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rally25rs rally25rs rally25rs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@rogeriopvl @ghamaide @rally25rs @amitrai99 @MrJadaml @robertlagrant @hkdobrev @cyberfox1