More about this vulnerability button don't work

Question

More about this vulnerability button don't work

dzienisz opened this issue 4 years ago · 5 comments

dzienisz commented 4 years ago

Answer 1 · 2020-09-29T12:53:47.000Z

Oh, looks like that field can be a comma-separated list of URLs. Should be fairly easy to resolve.

Answer 2 · 2020-10-17T15:19:34.000Z

I can fix it as #hacktoberfest issue

Answer 3 · 2020-10-17T18:15:06.000Z

@nprail can you help me?

I see that we render this list by using {{#if references}} but it sometimes return markdown data and sometimes urls separated by comma 🤯

I can't find in code where {{references}} is created.

Answer 4 · 2020-10-19T14:25:49.000Z

@dzienisz references comes from directly from npm audit --json without manipulation. We will probably have to loop through the advisories and parse that field somehow into a consistent format.

Here is a possible algorithm to determine if it is a comma separated list of URLs:

const splitList = advisory.references.split(',')

let isUrlList = true
for (const urlItem of splitList) {
  try {
    new URL(urlItem)
  } catch (err) {
    // if new URL throws an error, than the item isn't a valid URL
    isUrlList = false
  }
}

// if any of the items do not parse as a URL then it probably isn't a comma-separated list of URLs
return isUrlList

Answer 5 · 2022-09-05T08:24:17.000Z

Hey @nprail currently I don't have time to do this. Anybody can take that.

I see you stopped supporting this code. Do you plan to find another contributors or archive the project?