Improve Report UI

Question

Improve Report UI

nprail opened this issue 6 years ago · 18 comments

nprail commented 6 years ago

The report UI doesn't look super great and could be better. Let's improve it.

To-Do

Improve Report UI

Answer 1 · 2018-12-28T16:06:49.000Z

Hi @nprail,

I have a suggestions for you:

Would be good to have an option for CLI to enable/disable showing unique vulnerabilities. For example if you have installed imagemin-webpack-plugin@2.3.0 then you will have 6 vulnerabilities, because of tunnel-agent@0.4.3 but they are same vulnerabilities.
Also as you can see here I have added collapsable for "Reasons" section (which makes sense if point 1 is a case). Note that it is CSS only solution, mainly because these kind of reports are used in CI-s where you don't want to (or can't) have JS.

Answer 2 · 2019-08-27T22:01:58.000Z

Is someone still interested in working on this? I landed here because I was looking for a way to filter a table of just the high risk vulnerabilities.

Answer 3 · 2019-08-28T02:38:34.000Z

Is someone still interested in working on this?

To be honest, is in my ToDo list in a while, but I didn't have time to see it yet. Feel free to open a PR, because i'm not part of the team. :P

Answer 4 · 2019-08-28T10:20:27.000Z

@giocodes I am planning on working on this at some point soon. But like @AdrianoCahete said, PRs are welcome!

Are you looking for filtering after the report was generated or during? For example, you could achieve filtering by doing this:

npm audit --json --audit-level=high | npm-audit-html

Answer 5 · 2019-08-28T14:45:01.000Z

Okay, so turns out that --json outputs everything regardless of the other flags like --audit-level or --only (although, --production does affect the JSON output). So filtering does have to be done by npm-audit-html.

Answer 6 · 2019-08-28T16:09:12.000Z

Aw too bad the flag does not work.

Yeah, I'll be happy to help. 😃What do you all have in mind for the new UI to look like?

I want to suggest a table where vulnerabilities can be sorted and users can choose the columns (information) they want to see. Similar to what Jira has for the issues view:

For npm-audit-html it would be a lot simpler, no sidebar or tabs. Just the filters on top and the sortable table. Let me know what you think @nprail @SAIGlobal

Answer 7 · 2019-08-28T20:25:53.000Z

@giocodes Actually, determining what the improved look should be is most of why I haven't done it yet. So feedback like this is great! 👏👏👏

I like the idea of a sortable/filterable table that you can open collapses (or modals) to see more details for each vulnerability.

@AdrianoCahete @giocodes
What primary information do you think should be visible/sortable? My thoughts are name, severity, and vulnerable module name at least. Maybe a date published and/or link to the advisory as well?

Answer 8 · 2019-08-28T20:56:23.000Z

What primary information do you think should be visible/sortable? My thoughts are name, severity, and vulnerable module name at least. Maybe a date published and/or link to the advisory as well?

If possible, everything (why not give the user that degree of customization?). But the most important ones are severity, CVE, name and module name, I think.

About the UI, my first idea was design an UI for this, but I'm with a lack of time this months. :(

Answer 9 · 2019-08-29T11:38:51.000Z

@AdrianoCahete Sure, giving the option to add any sortable columns to the table would be best. I just meant, what should the default columns be.

The trouble with CVE is that it is an array of CVEs. There can be more than one. Would it make sense to group them all into one column?

Example:

Name	Severity	Module	CVEs
Arbitrary File Overwrite	High	fstream	CWE-59, CVE-2019-13173

Answer 10 · 2019-10-02T15:37:30.000Z

I've started to work on the new design!

What do you think about a dark theme?

Here's a preview of the new layout:

Answer 11 · 2019-10-02T18:29:33.000Z

DARK MODE!
🎉🎉🎉

Feedback is much appreciated.

Answer 12 · 2019-10-02T18:38:26.000Z

Is the palette easy to change? On my screen the green colors don't seem to have enough contrast.
Maybe you could try the color palette from https://material.io/design/color/dark-theme.html#anatomy

Answer 13 · 2019-10-02T18:45:29.000Z

Yep, totally. I think I'll add a CLI option for dark or light mode.

I'll definitely be making adjustments to the color palette too.

Answer 14 · 2019-11-08T02:47:06.000Z

Hope this will roll out soon. I have a small suggestion, It would be great if there is a breakdown of total no of issues based on the severity also.

Answer 15 · 2019-11-08T19:05:29.000Z

@nikhilgeo I'll be working on finishing this up and hopefully releasing a new version with it tomorrow!

I'm probably going to make dark mode an option but not the default.

Answer 16 · 2019-11-08T22:01:06.000Z

I've improved the dark theme a lot (borrowed some styles from VS Code) and also added code highlighting with highlight.js.

If you want dark mode, you will have to add --theme dark as a CLI option. 2.0 will probably switch to dark mode by default.

Dark mode

Light mode

Answer 17 · 2019-11-09T08:06:51.000Z

Awesome, thank you for the new looks. Looking forward for the new release.

Answer 18 · 2019-11-10T20:00:23.000Z

🎉 This issue has been resolved in version 1.4.0 🎉

The release is available on:

Your semantic-release bot 📦🚀