Handle 'vulnerabilities' of undefined

Question

Handle 'vulnerabilities' of undefined

viane opened this issue 6 years ago · 4 comments

I'm trying to run with npm audit fix --production --only=prod --json | npm-audit-html and got this error. I assume because the fix done it job and output is missing that entry.

Suggest solution:
haven't look at the code but i believe something like

const vulnerabilities = data.metadata.vulnerabilities || []

and output will show a default message of no vulnerability found.

I'd like to do a PR for this quick fix.

Answer 1 · 2018-10-23T11:10:17.000Z

Hey, thanks for the bug report! That fix probably will work. I'd love to accept a PR with a good fix!

Might also want to look into putting a vulnerabilities fixed section in the report.

Answer 2 · 2018-10-31T21:09:05.000Z

@viane I just created a PR with a super basic fix. Feel free to improve upon it.

Answer 3 · 2018-11-02T16:05:14.000Z

@nprail Hello Noah, I'm so sorry for the late reply, was packed last month. I did looked at the problem deeper since the solution I offered is too simple. So based on what I tried last time, the npm audit --fix will return a different sets of properties. I will start research/experiment bit more before I commit to submit a code change ( I think this will have the bug fix + feature support).

Answer 4 · 2018-12-15T01:12:50.000Z

@viane After looking at it again, I'm not sure that this is a use case that I want to support. For now, I have added an error message saying that it isn't supported. If you can come up with a good method of handling it, I am still open to PRs.