Target specific package versions in --module-ignore #72

Open
knightsg opened this issue Mar 4, 2022 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers

knightsg commented Mar 4, 2022

It would be very handy for us if we could target specific package versions in the --module-ignore flag so that we don't have to come back and manually update our whitelists once we update problematic package versions. For example:

1. We have included package_A v1.2.3.
2. better-npm-audit audit -l high fails because of an issue with a subpackage of package_A v1.2.3.
3. We exclude it using better-npm-audit audit -l high -m package_A
4. Later, we update package_A to v1.2.4.
5. A new advisory is created for package_A v1.2.4, but our audits continue to pass because we excluded package_A in our pipeline.

jeemok added the enhancement and good first issue labels Mar 15, 2022

jeemok (Owner) commented Mar 15, 2022

hey @knightsg, thanks for the suggestion, definitely a good idea 👍🏻 let me look into this as soon as I get time, but feel free to open a PR :)
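
The scenario in the issue, as an added example that is not better-npm-audit's code and not written by either participant: it compares a blanket module ignore with a version-pinned one against the advisory that appears after the upgrade. The `name@version` entry syntax, the function names, the finding fields and the advisory ids are assumptions made for illustration.

```javascript
// Added example. The "name@version" ignore syntax is hypothetical; it is the
// behaviour requested in the issue, not an existing better-npm-audit option.

// Parse "package_A" or "package_A@1.2.3". Scoped names such as
// "@scope/pkg@1.0.0" are handled by splitting on the last "@" only.
function parseIgnoreEntry(entry) {
  const at = entry.lastIndexOf('@');
  if (at <= 0) return { name: entry, version: null }; // no version part
  return { name: entry.slice(0, at), version: entry.slice(at + 1) };
}

// A finding is suppressed only when an entry names its module and either has
// no version (blanket ignore) or matches the installed version exactly.
function isIgnored(finding, entries) {
  return entries.map(parseIgnoreEntry).some(
    (e) => e.name === finding.module &&
           (e.version === null || e.version === finding.installedVersion)
  );
}

// Returns the findings that should still fail the audit.
function auditFailures(findings, entries) {
  return findings.filter((f) => !isIgnored(f, entries));
}

// Constructed sample findings mirroring steps 1-5 of the issue.
const beforeUpgrade = [
  { id: 'ADV-OLD', module: 'package_A', installedVersion: '1.2.3', severity: 'high' },
];
const afterUpgrade = [
  { id: 'ADV-NEW', module: 'package_A', installedVersion: '1.2.4', severity: 'high' },
];

// Blanket ignore: the new advisory on v1.2.4 is silently suppressed.
console.log('blanket:', auditFailures(afterUpgrade, ['package_A']).map((f) => f.id));
// Pinned ignore: the exclusion expires with the upgrade, so the audit fails again.
console.log('pinned: ', auditFailures(afterUpgrade, ['package_A@1.2.3']).map((f) => f.id));
```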
