
Target specific package versions in --module-ignore

Open knightsg opened this issue 2 years ago • 1 comment

It would be very handy for us if we could target specific package versions in the --module-ignore flag so that we don't have to come back and manually update our whitelists once we update problematic package versions. For example:

1. We have included package_A v1.2.3.
2. better-npm-audit audit -l high fails because of an issue with a subpackage of package_A v1.2.3.
3. We exclude it using better-npm-audit audit -l high -m package_A.
4. Later, we update package_A to v1.2.4.
5. A new advisory is created for package_A v1.2.4, but our audits continue to pass because we excluded package_A in our pipeline.

knightsg avatar Mar 04 '22 23:03 knightsg
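The failure mode in the steps above is that a name-only ignore keeps suppressing findings after the package is upgraded. The following is an added example, not code from better-npm-audit, of the version-pinned ignore semantics the request asks for: an entry like `package_A@1.2.3` suppresses a finding only while the installed version is still 1.2.3, while a bare `package_A` keeps today's blanket behaviour. The finding objects, the `SAMPLE_FINDINGS` array and the function names are constructed for illustration; the real `npm audit` JSON shape differs.

```javascript
// Added example (hypothetical, not better-npm-audit's own implementation):
// version-scoped ignore entries for audit findings.

// Severity order used by a "-l <level>" style gate (constructed mapping).
const SEVERITY_RANK = { low: 0, moderate: 1, high: 2, critical: 3 };

// Parse "name" or "name@version". Scoped packages start with "@", so the
// version separator is the LAST "@" and an "@" at index 0 is not a separator.
function parseIgnoreEntry(entry) {
  const at = entry.lastIndexOf('@');
  if (at <= 0) return { name: entry, version: null };
  return { name: entry.slice(0, at), version: entry.slice(at + 1) };
}

// A finding is ignored when the module name matches and either the entry is
// unpinned (blanket ignore) or the pinned version equals the installed one.
function isIgnored(finding, ignoreEntries) {
  return ignoreEntries.some(
    ({ name, version }) =>
      name === finding.module && (version === null || version === finding.version)
  );
}

// Return only the findings that still need attention after applying the list.
function filterFindings(findings, ignoreList) {
  const entries = ignoreList.map(parseIgnoreEntry);
  return findings.filter((f) => !isIgnored(f, entries));
}

// True when any remaining finding is at or above the requested level,
// mirroring the effect of "-l high" in the issue.
function failsAudit(findings, level) {
  return findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[level]);
}

// Constructed sample findings modelling the scenario in the issue:
// the old advisory against 1.2.3 and a new one against 1.2.4.
const SAMPLE_FINDINGS = [
  { module: 'package_A', version: '1.2.3', severity: 'high', id: 'ADVISORY-1' },
  { module: 'package_A', version: '1.2.4', severity: 'high', id: 'ADVISORY-2' },
  { module: '@scope/package_B', version: '2.0.0', severity: 'moderate', id: 'ADVISORY-3' },
];

// Blanket ignore: both package_A findings vanish and the "-l high" gate passes
// silently. Pinned ignore: only the 1.2.3 finding is dropped, so the 1.2.4
// advisory still fails the gate.
console.log('blanket ignore fails audit:', failsAudit(filterFindings(SAMPLE_FINDINGS, ['package_A']), 'high'));
console.log('pinned ignore fails audit:', failsAudit(filterFindings(SAMPLE_FINDINGS, ['package_A@1.2.3']), 'high'));
```

Running the block shows `false` for the blanket entry and `true` for the pinned entry, which is exactly the difference between the pipeline passing in step 5 and surfacing the new advisory.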

hey @knightsg, thanks for the suggestion, definitely a good idea 👍🏻 let me look into this as soon as I get time, but feel free to open a PR :)

jeemok avatar Mar 15 '22 15:03 jeemok