osv-scanner
Show the vulnerable path when doing transitive dependency scanning
Currently we only show vulnerabilities for transitive dependencies, but not the path by which we depend on the vulnerable dependency. Considering the lack of a lockfile for these ecosystems, it will be helpful to also show the vulnerable path (for example, what npm audit does) when reporting the vulnerabilities.
This issue has not had any activity for 60 days and will be automatically closed in two weeks
See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.