Allow filtering by severity #13
Comments
For us this would also help a lot as we are using audit (relying on the error code) to break our continuous delivery pipelines. For most projects we would not like to break on low severity issues but on high security projects this is a requirement.
I'd like to take this one. I implemented some things in preparation for this one, so as soon as we merged the PRs I could work on it.
The passed config object can now specify the string `severityThreshold` to hide less severe vulnerabilities. The (already-present) default 'info' threshold preserves the previous behaviour. Implements npm#13.
this appears dead - the changes linked above by @welwood08 are not on a PR and are against a read-only, abandoned version of npm
let's get this back on track!
For future Googlers, you can filter by severity using the `npm audit --audit-level=moderate` command. Make sure you have a recent npm version.
@WilliamDASILVA According to the NPM docs, and my testing, that's not how it works -- it doesn't filter anything, it merely determines what is considered a failure:
Closing out all issues and PRs from 2018 and 2019, since this module has been fundamentally refactored for version 2 (npm version 7). Happy to reopen if this is still a thing worth exploring (and it'll probably be easier now if so).
It would be nice if reporters took in an optional severity level and only produced output for vulnerabilities at or above that severity level.
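The thread distinguishes two separate controls: hiding findings below a severity threshold in the report, and deciding which severity makes the run fail. The sketch below is an added example, not code from npm-audit-report or npm; the finding objects are a simplified, constructed shape, `severityThreshold` takes its name from the commit message above, and `auditLevel`, `report` and the helper names are hypothetical.

```javascript
// Severity names used by npm audit, lowest to highest.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Rank a finding's severity. An unrecognised label ranks above 'critical'
// so the filter can never hide a finding it does not understand.
function rankFinding(severity) {
  const i = SEVERITIES.indexOf(severity);
  return i === -1 ? SEVERITIES.length : i;
}

// Rank a user-supplied threshold. A typo here must fail loudly instead of
// silently disabling the gate.
function rankThreshold(level) {
  const i = SEVERITIES.indexOf(level);
  if (i === -1) throw new RangeError(`unknown severity level: ${level}`);
  return i;
}

// Reporter-side filter: keep findings at or above the threshold.
// The default 'info' keeps everything, preserving unfiltered output.
function filterBySeverity(findings, severityThreshold = 'info') {
  const min = rankThreshold(severityThreshold);
  return findings.filter((f) => rankFinding(f.severity) >= min);
}

// Pass/fail decision: non-zero when any finding reaches auditLevel.
// It looks at all findings and does not change what is displayed.
function exitCode(findings, auditLevel = 'info') {
  const min = rankThreshold(auditLevel);
  return findings.some((f) => rankFinding(f.severity) >= min) ? 1 : 0;
}

// Combine both controls and report how many findings were hidden.
function report(findings, { severityThreshold = 'info', auditLevel = 'info' } = {}) {
  const shown = filterBySeverity(findings, severityThreshold);
  return {
    lines: shown.map((f) => `${String(f.severity).padEnd(8)} ${f.name}`),
    hidden: findings.length - shown.length,
    exitCode: exitCode(findings, auditLevel),
  };
}

// Constructed sample findings (package names are placeholders).
const sampleFindings = [
  { name: 'pkg-a', severity: 'low' },
  { name: 'pkg-b', severity: 'moderate' },
  { name: 'pkg-c', severity: 'critical' },
  { name: 'pkg-d', severity: 'unrated' }, // unknown label: never hidden
];
console.log(report(sampleFindings, { severityThreshold: 'high', auditLevel: 'moderate' }));
```

Reporting the `hidden` count alongside the filtered lines keeps a pipeline log honest about how much was suppressed.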