IBM / audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
Apache License 2.0

Renaming of whitelist #162

Closed tujoworker closed 4 years ago

tujoworker commented 4 years ago

Hi everyone!

And thank you for making this wonderful package!

Right to the point: many companies have renamed legacy words like blacklist/whitelist and master/slave to something more descriptive. This is in regard to #BlackLivesMatter.

Would it be hard to rename whitelist in an upcoming major release to e.g. includelist or something else meaningful?

quinnturner commented 4 years ago

Hi @tujoworker,

Thanks for suggesting this enhancement! Coincidentally, whitelist has already been renamed to allowlist for this reason (#154, #150) and was released in v3.1.0.

In addition, --allowlist/-a merges the functionality of three previous flags: --whitelist, --path-whitelist, and --advisories.

For backwards compat, we will keep whitelist for some time as we transition people over. All non-code-related mentions of whitelist have been removed from the docs (that I am aware of). There are also console.warnings to migrate to allowlist. The intention is to remove it entirely.

I will be closing this as it's considered a duplicate.

quinnturner commented 4 years ago

However, I will consider renaming the master branch to main. I will create an issue for this and link it here.