[BUG] --parseable has no effect on audit #3863

Open
1 task done
OrangeDog opened this issue Oct 8, 2021 · 2 comments
Labels
cmd:audit related to `npm audit` Enhancement new feature or improvement Priority 2 secondary priority issue Release 7.x work is associated with a specific npm 7 release Release 8.x work is associated with a specific npm 8 release

Comments

@OrangeDog

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The --parseable option has no effect on audit output

npm audit --parseable
# npm audit report

ansi-html  *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
No fix available
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.1.0
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of http-proxy-middleware
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server
    @angular-devkit/build-angular  <=13.0.0-next.3
    Depends on vulnerable versions of @angular-devkit/build-webpack
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@angular-devkit/build-angular
    @angular-devkit/build-webpack  <=0.1300.0-next.2
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@angular-devkit/build-webpack
...

Expected Behavior

npm audit --parseable should output in a machine-readable format, as it did previously

npm audit --parseable
install set-value       high    npm install --save-dev @angular-devkit/[email protected]     Prototype Pollution in set-value        https://github.com/advisories/GHSA-4jqc-8m5r-9rpr       @angular-devkit/build-angular>webpack>micromatch>braces>snapdragon>base>cache-base>set-value    Y
install set-value       high    npm install --save-dev @angular-devkit/[email protected]     Prototype Pollution in set-value        https://github.com/advisories/GHSA-4jqc-8m5r-9rpr       @angular-devkit/build-angular>webpack>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value   Y
...

Steps To Reproduce

  1. npm audit --parseable

Environment

  • OS: Windows 10 20H1
  • Node: 14.15.0
  • npm: 7.24.2
@OrangeDog OrangeDog added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Oct 8, 2021
@lukekarrys lukekarrys added Enhancement new feature or improvement Priority 2 secondary priority issue and removed Bug thing that needs fixing Needs Triage needs review for next steps labels Oct 11, 2021
@OrangeDog OrangeDog changed the title [BUG] --parseabke has no effect on audit [BUG] --parseable has no effect on audit Nov 18, 2021
@ruyadorno ruyadorno added Release 8.x work is associated with a specific npm 8 release cmd:audit related to `npm audit` labels Apr 4, 2022
@lobbin

lobbin commented Dec 8, 2022

Wrote a short js that mimics --parseable output, using --json. Not sure if it's feature full, but it works for the basic needs we have.
https://gist.github.com/lobbin/9f74661b3a2b80fe76e24dff40519bae

@adaugherity

Wrote a short js that mimics --parseable output, using --json. Not sure if it's feature full, but it works for the basic needs we have.

Thank you for that. The only thing I noticed missing was the "is a breaking change?" column, which I have added in my fork of that gist.
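
Added example, not part of the issue thread and not the gist linked above: a converter from an `npm audit --json` report to tab-separated lines that a CI gate can grep or cut. It assumes the npm 7+ report layout (`auditReportVersion: 2` with `vulnerabilities`, `via`, `nodes`, `fixAvailable`); the column order, the function names and the `example-parent` fix entry are this example's own.

```javascript
// Added example. Columns are this example's choice, not npm's legacy layout:
// name, severity, title, url, install path, fix command, breaking change (Y/N)

// fixAvailable is false, true, or { name, version, isSemVerMajor }.
function fixColumns(fixAvailable) {
  if (!fixAvailable) return ["none", "N"];
  if (fixAvailable === true) return ["npm audit fix", "N"];
  const { name, version, isSemVerMajor } = fixAvailable;
  return [`npm install ${name}@${version}`, isSemVerMajor ? "Y" : "N"];
}

// Advisory text comes from outside the project; strip characters that
// would add columns or rows to the tab-separated output.
const clean = (value) => String(value ?? "").replace(/[\t\r\n]+/g, " ");

function toParseable(report) {
  if (report.auditReportVersion !== 2) throw new Error("expected auditReportVersion 2");
  const rows = [];
  for (const vuln of Object.values(report.vulnerabilities ?? {})) {
    const [fix, breaking] = fixColumns(vuln.fixAvailable);
    for (const via of vuln.via ?? []) {
      // `via` holds advisory objects, or a string naming a vulnerable dependency.
      const adv = typeof via === "string"
        ? { severity: vuln.severity, title: `Depends on vulnerable versions of ${via}`, url: "" }
        : via;
      for (const node of vuln.nodes ?? []) {
        const cols = [vuln.name, adv.severity, adv.title, adv.url, node, fix, breaking];
        rows.push(cols.map(clean).join("\t"));
      }
    }
  }
  return rows;
}

// Constructed sample: package names and advisory taken from the report
// quoted in the issue; the fix entry for webpack-dev-server is invented.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    "ansi-html": { name: "ansi-html", severity: "high", fixAvailable: false,
      nodes: ["node_modules/ansi-html"],
      via: [{ title: "Uncontrolled Resource Consumption in ansi-html", severity: "high",
        url: "https://github.com/advisories/GHSA-whgm-jr23-g3j9" }] },
    "webpack-dev-server": { name: "webpack-dev-server", severity: "high",
      nodes: ["node_modules/webpack-dev-server"], via: ["ansi-html"],
      fixAvailable: { name: "example-parent", version: "2.0.0", isSemVerMajor: true } },
  },
};
console.log(toParseable(SAMPLE).join("\n"));
```

In CI, pass `JSON.parse` of the `npm audit --json` output to `toParseable` in place of `SAMPLE`.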
