npm-audit-resolver

Support for automatically removing no-longer-needed ignores?

Open RichardBradley opened this issue 2 years ago • 2 comments

If I add an ignore to the log file but later upgrade my app, that line will exist in the log file forever.

It might be nice to automatically prune ignores which are no longer needed? I can think of some obscure scenarios where that might conceivably be more secure, and it certainly would be tidier and make the log file easier to review.

Thanks for a great tool!

RichardBradley, May 24 '22 18:05

That's a great feature and I thought about it first a few months into using this tool myself. Didn't come up with a satisfying process for that that'd take into account optional modules and some other corner cases I don't recall.

You probably have a simpler approach. What would you like to do to do the cleanup? Would it be just running the audit as is and dropping all rules that do not overlap with the current audit output?

naugtur, Jun 13 '22 19:06

I think like you said, upon a run any rules that no longer apply could be removed.

bmerigan, May 22 '23 05:05
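
The cleanup proposed in this thread (run the audit, then drop every rule that does not overlap with its output), sketched as an added example that is not part of the thread or of npm-audit-resolver's own code. The `id|path` rule keys, the `findings` list and the `protect` hook are assumptions made for illustration; the hook shows why optional modules complicate the idea, since an audit run on one platform never reports a dependency that is installed only on another.

```javascript
// Assumed shapes (illustrative, not taken from the project):
//   decisions: object keyed by "<advisoryId>|<dependency path>"
//   findings:  list of { id, path } already extracted from the current audit
const ruleKey = (finding) => `${finding.id}|${finding.path}`;

// Returns the rules to keep and the keys that would be dropped, without
// mutating the input, so the pruned list can be reviewed before writing.
function pruneDecisions(decisions, findings, { protect = () => false } = {}) {
  const live = new Set(findings.map(ruleKey));
  const kept = {};
  const pruned = [];
  for (const [key, rule] of Object.entries(decisions)) {
    if (live.has(key) || protect(key, rule)) {
      kept[key] = rule;   // still matches a finding, or explicitly protected
    } else {
      pruned.push(key);   // no overlap with the current audit output
    }
  }
  return { kept, pruned: pruned.sort() };
}

// Constructed sample data: three ignore rules, audit run on a Linux machine.
const sampleDecisions = {
  '1001|mocha>debug': { decision: 'ignore', reason: 'dev only' },
  '1002|webpack>chokidar>fsevents>tar': { decision: 'ignore', reason: 'optional, macOS only' },
  '1003|express>qs': { decision: 'ignore', reason: 'not reachable' },
};
const sampleFindings = [{ id: 1003, path: 'express>qs' }];

// Hypothetical guard: never auto-prune rules whose path runs through a
// platform-specific optional dependency that this machine did not install.
const protectOptional = (key) => key.includes('>fsevents>');

function demo() {
  return {
    naive: pruneDecisions(sampleDecisions, sampleFindings),
    guarded: pruneDecisions(sampleDecisions, sampleFindings, { protect: protectOptional }),
  };
}
```

The naive run drops the `fsevents` rule even though the advisory would reappear on a macOS install; the guarded run keeps it and prunes only the rule for the dependency that was actually upgraded away.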