eventOneHQ/npm-audit-html

2.0 roadmap

nprail opened this issue · 4 comments

The second major version of npm-audit-html will have a few major new features.

  • Support more than just npm. Allow for an easy way to create an adapter for other npm-audit clients such as Yarn. - #36
  • Move to TypeScript - #27
  • Support auditReportVersion 2 - #43
  • Expose the reporter API - #44
  • What else is important??

Join the conversation on Slack!

https://slack.event1.io

cguy commented

Hello,

If I could suggest two more features:

  • an API endpoint (not just cli) to use the module inside a node project
  • support the auditReportVersion:2 JSON format (in case anyone like me generates the NPM audit JSON report with @npmcli/arborist and npm-audit-report)

Anyway your library is nice, wish you the best

Best regards,

@cguy Thanks for the ideas!

Technically, you actually could use npm-audit-html's API directly. It is just undocumented. And lib/reporter.js should probably be set as the main file in the package.json.

Adding support for auditReportVersion:2 is definitely a must as well.

cguy commented

@nprail Thank you for your answer.

Actually, I already checked the reporter file. My concern is it always writes a file on the file system, however through API I could be expecting to get the HTML String :)

Regarding version 2 of the report version, it's quite simple, there is only one layer added after vulnerabilities (the new name of "advisories").

I forked your project for immediate need (added my own ugly code), but it works.

@cguy Ah, I see. I think it makes sense to move the actual file writing to the CLI and keep the reporter more abstracted from the system.

Yeah, I took a look at the version 2 spec and it doesn't look too bad at all. I'm planning on making a way for there to be various "adapters" for different audit specs like Yarn (#36), v1 and v2.
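
The "adapters" idea discussed in this thread, sketched as an added example (not npm-audit-html's code): one adapter per report version maps the v1 `advisories` map and the v2 `vulnerabilities` map, with its extra `via` layer, onto the same list of findings. The normalized shape, the function names and the sample reports are assumptions made for illustration.

```javascript
// Added example; not npm-audit-html's code. Input field names follow npm's
// audit JSON output; the normalized shape and function names are assumptions.
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];
const adapters = {
  // v1 (npm 6): one entry per advisory under "advisories".
  1: (report) => Object.values(report.advisories || {}).map((a) => ({
    module: a.module_name, severity: a.severity, title: a.title,
    url: a.url, range: a.vulnerable_versions,
  })),
  // v2 (npm 7+): one entry per package under "vulnerabilities"; advisories sit
  // one level deeper in "via". A string in "via" names another vulnerable
  // package in the chain and carries no advisory data, so it is skipped.
  2: (report) => Object.values(report.vulnerabilities || {}).flatMap((v) =>
    (v.via || []).filter((x) => x && typeof x === 'object').map((adv) => ({
      module: v.name, severity: adv.severity, title: adv.title,
      url: adv.url, range: adv.range,
    }))),
};

function detectVersion(report) {
  if (report && report.auditReportVersion === 2) return 2;
  if (report && report.advisories) return 1;
  throw new Error('Unrecognized audit report format');
}

function normalize(report) {
  const rows = adapters[detectVersion(report)](report);
  return rows.sort((a, b) =>
    SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
}

// Constructed sample reports (not real advisories).
const sampleV1 = {
  advisories: {
    1001: { module_name: 'example-pkg', severity: 'high', title: 'Example flaw',
      url: 'https://example.invalid/advisories/1001', vulnerable_versions: '<1.2.3' },
  },
};
const sampleV2 = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-pkg': { name: 'example-pkg', severity: 'high', range: '<1.2.3',
      via: [{ name: 'example-pkg', severity: 'high', title: 'Example flaw',
        url: 'https://example.invalid/advisories/1001', range: '<1.2.3' }] },
    'example-app-dep': { name: 'example-app-dep', severity: 'high',
      range: '*', via: ['example-pkg'] },
  },
};
console.log(JSON.stringify(normalize(sampleV1)) === JSON.stringify(normalize(sampleV2)));
```

A renderer built on `normalize` can return the HTML as a string and leave file writing to the CLI, which is the split proposed above.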