RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

--ignore does not ignore given application subdirectory #420

Closed michaelfranzl closed 1 year ago

michaelfranzl commented 1 year ago

Retire.js version: (retire --version): 4.3.2

node version: (node --version): 14.17.0

Description: --ignore does not ignore given application subdirectory

Expected behaviour: --ignore ignores given application subdirectory

I have an application with a subdirectory named vendor. I would like to ignore this entire directory.

Steps to reproduce:

npm i retire
mkdir test
cp vulnerable.js test # copy any vulnerable javascript file into the test directory
./node_modules/.bin/retire --ignore test

The vulnerable file is still reported and the command exits with non-zero code.

michaelfranzl commented 1 year ago

Thanks for fixing it. When will this be released?

eoftedal commented 1 year ago

Thank you. Fixed in 4.3.3

eoftedal commented 1 year ago

(which is already released) :)