2.0 roadmap
nprail opened this issue · 4 comments
The second major version of npm-audit-html
will have a few major new features.
- Support more than just npm. Allow for an easy way to create an adapter for other
npm-audit
clients such as Yarn. - #36 - Move to TypeScript - #27
- Support
auditReportVersion
2 - #43 - Expose the reporter API - #44
- What else is important??
Join the conversation on Slack!
Hello,
If I could suggest two more features:
- an API endpoint (not just cli) to use the module inside a node project
- support the
auditReportVersion:2
JSON format (in case anyone like me generate the NPM audit JSON report with@npmcli/arborist
andnpm-audit-report
Anyway your library is nice, wish you the best
Best regards,
@cguy Thanks for the ideas!
Technically, you actually could use npm-audit-html
's API directly. It is just undocumented. And lib/reporter.js
should probably be set as the main
file in the package.json
.
Adding support for auditReportVersion:2
is definitely a must as well.
@nprail Thank you for your answer.
Actually, I already checked the reporter file. My concern is it always writes a file on the file system, however through API I could be excepting to get the HTML String :)
Regarding version 2 of the report version, it's quite simple, there is only one layer added after vulnerabilities (the new name of "adventories").
I forked your project for immediate need (added my own ugly code), but it works.
@cguy Ah, I see. I think it makes sense to move the actual file writing to the CLI and keep the reporter more abstracted from the system.
Yeah, I took a look at the version 2 spec and it doesn't look too bad at all. I'm planning on making a way for there to be various "adapters" for different audit specs like Yarn (#36), v1 and v2.