jeemok/better-npm-audit

Hide excepted vulnerabilities from output

alert-debug opened this issue · 2 comments

I've had another UX idea which you might like to consider.

Given that the output is often very long and has to be truncated, I think it would be nice to remove the little ASCII art cards/tables for vulnerabilities that are in the exceptions list. That way, the output would just be the list of exceptions and the "All good!" message if all vulnerabilities have been dealt with.

I suppose someone might like to see the (truncated) list of exceptions to give them some reassurance that the exceptions list is still having an effect, but if they use the expiry option then the exceptions should eventually become stale anyway. I will add that as another suggestion to Issue #20.

I like your idea on this! I could probably do a custom render list of all the found vulnerabilities (besides the exceptions given), but I think it might be difficult to truncate yet maintain the ASCII art table rendered by the npm audit command.

The straightforward solution to this is to build the ASCII art table ourselves using the info we get (luckily I think we have all the information from the buffer). This might also improve the performance by running npm audit once (currently we are running it twice; the second time is for rendering this ASCII art table).

Improving the performance like that sounds great!

I was hoping that it would require only a relatively simple state machine to detect the start of each table, and store it in a separate buffer until the More info line is read, and then throw away that buffer if the listed advisory relates to one of the exceptions.

Building the ASCII art tables from data parsed by the package itself would be even smarter, as you'd be able to do things like add rows. I can't think of any useful data to add right now, but I was considering filing another request about adding back the colours/bolding that the default npm audit provides.
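The buffering state machine described in the comment above, as an added example that is not better-npm-audit's own code. It assumes the npm 6 style layout (each advisory table opens with "┌", closes with "└", and has a "More info" row whose URL ends in the advisory id); `hideExcepted`, the sample report, and the advisory ids are constructed for illustration.

```javascript
// Added example. Assumed layout (npm 6 style): each advisory table opens with
// "┌", has a "More info" row whose URL ends in the advisory id, closes with "└".
function hideExcepted(auditText, exceptionIds) {
  const excepted = new Set(exceptionIds.map(String));
  const out = [];
  const hidden = [];
  let state = 'OUTSIDE'; // OUTSIDE | BUFFERING | KEEPING | DROPPING
  let buffer = [];
  for (const line of auditText.split('\n')) {
    const trimmed = line.trimStart();
    if (state === 'OUTSIDE') {
      if (trimmed.startsWith('┌')) { state = 'BUFFERING'; buffer = [line]; }
      else out.push(line);
      continue;
    }
    if (state === 'BUFFERING') {
      buffer.push(line);
      const m = /More info\s*│\s*\S*\/advisories\/(\d+)/.exec(line);
      if (m && excepted.has(m[1])) { hidden.push(m[1]); buffer = []; state = 'DROPPING'; }
      else if (m) { out.push(...buffer); buffer = []; state = 'KEEPING'; }
    } else if (state === 'KEEPING') {
      out.push(line);
    }
    if (trimmed.startsWith('└')) {
      // A table that closed without a recognisable "More info" row is still
      // in the buffer: show it rather than hide a finding we could not match.
      out.push(...buffer);
      buffer = [];
      state = 'OUTSIDE';
    }
  }
  out.push(...buffer); // truncated input: emit whatever was held back
  return { text: out.join('\n'), hidden };
}

// Constructed sample input; titles and advisory ids are made up.
const border = (l, m, r) => l + '─'.repeat(11) + m + '─'.repeat(36) + r;
const table = (severity, title, id) => [
  border('┌', '┬', '┐'),
  `│ ${severity.padEnd(9)} │ ${title.padEnd(34)} │`,
  border('├', '┼', '┤'),
  `│ More info │ ${`https://npmjs.com/advisories/${id}`.padEnd(34)} │`,
  border('└', '┴', '┘'),
].join('\n');
const sample = ['audit report', table('Low', 'Constructed advisory A', 1001),
  table('High', 'Constructed advisory B', 1002), 'end of report'].join('\n');
const result = hideExcepted(sample, [1001]);
console.log(result.text);
```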