Add ability to ignore specific vulnerability with npm audit #38

Closed
zbagley opened this issue Apr 27, 2019 · 2 comments

zbagley commented Apr 27, 2019

Recreation of npm/npm#20764 to show it's still desired.

Similar to #31, if there is a known vulnerability that is a non-issue to the current project you should be able to add this to an ignored list (by vuln #, package, or dev vs regular).

@c-vetter

My specific use-case is this: in parshap/check-node-version#12 we found the need to include some old version of npm for testing purposes. That will always have audit issues in the future, and the list will only grow. Therefore, we'd like to keep the reference but not audit it in order to see the actually relevant issues without having to manually sift through the list.

isaacs (Contributor) commented May 8, 2020

The best way to move forward with this is to head over to https://github.com/npm/rfcs and post a PR (or an issue describing the need and suggesting that someone else champion it).

It wouldn't be too hard to do in v2 of this module (i.e., npm v7), but doing so in the previous implementation would be tricky.
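Added example, not part of the thread and not npm's own code: one way to apply the ignore list requested above (by advisory number, by package, or dev vs regular) as a filter over audit output. It assumes the npm v6 `npm audit --json` layout (`advisories` keyed by id, with `module_name` and a per-finding `dev` flag); the policy shape, `filterAudit` and all sample data are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output from npm v6
// (advisories keyed by id); ids, package names and paths are made up.
const sampleReport = {
  advisories: {
    "1001": { id: 1001, module_name: "old-npm-fixture", severity: "high",
      findings: [{ version: "1.0.0", paths: ["old-npm-fixture"], dev: true }] },
    "1002": { id: 1002, module_name: "example-pad", severity: "moderate",
      findings: [{ version: "2.1.0", paths: ["web>example-pad"], dev: false }] },
    "1003": { id: 1003, module_name: "tmpl-lib", severity: "critical",
      findings: [{ version: "0.3.0", paths: ["build-tool>tmpl-lib"], dev: true },
                 { version: "0.3.0", paths: ["server>tmpl-lib"], dev: false }] },
  },
};

// Hypothetical ignore policy: every entry carries a reason and an expiry date,
// so a suppression is reviewed again instead of hiding the advisory forever.
const samplePolicy = {
  ids: [{ id: 1002, reason: "input never reaches padding code", expires: "2030-01-01" }],
  packages: [{ name: "old-npm-fixture", reason: "test fixture only", expires: "2030-01-01" }],
  ignoreDevOnly: false,
};

// An ignore entry only counts while it has a reason and has not expired.
function active(entry, now) {
  return Boolean(entry.reason) && new Date(entry.expires) > now;
}

// Splits advisories into those still to report and those suppressed by policy.
function filterAudit(report, policy, now = new Date()) {
  const ids = new Set(policy.ids.filter((e) => active(e, now)).map((e) => e.id));
  const pkgs = new Set(policy.packages.filter((e) => active(e, now)).map((e) => e.name));
  const reported = [], ignored = [];
  for (const adv of Object.values(report.advisories || {})) {
    // Dev-only means every finding is reached through devDependencies;
    // one production path is enough to keep the advisory reportable.
    const devOnly = adv.findings.length > 0 && adv.findings.every((f) => f.dev);
    const skip = ids.has(adv.id) || pkgs.has(adv.module_name) ||
      (policy.ignoreDevOnly && devOnly);
    (skip ? ignored : reported).push(
      { id: adv.id, pkg: adv.module_name, severity: adv.severity, devOnly });
  }
  return { reported, ignored };
}

const result = filterAudit(sampleReport, samplePolicy, new Date("2024-01-01"));
console.log(JSON.stringify(result, null, 2));
```

Keeping the `ignored` list in the output leaves a record of what was suppressed and why it no longer blocks the build.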
