retire.js
Option to check max-depth of node_modules?
Is there a possibility to add a max depth to check for vulnerabilities in node dependencies? This would narrow the scope for vulnerability checking, since the probability that dependency x on level n fixes its vulnerability within a time limit when reported is practically zero.
Maybe add a big fat warning to the user when this option is set, since we really don't want users to omit vulnerabilities?
Good idea. We should be able to add that
I like this idea, we require in quite a few packages that require in versions of packages with vulns (Hapi 13 as an example) that don't make use of the methods utilized in the vuln reported. Either a blacklist (exclude list) or a depth ignore would achieve the same result.