davityavryan / yarn-audit-html

Generate a HTML report for Yarn Audit
MIT License

Feature request: add api for programmatic use #46

Closed mithodin closed 1 year ago

mithodin commented 2 years ago

This is a nice little tool. I would like to integrate it into a project for use in the build pipeline. I would like to have the option of ignoring some vulnerabilities, though. Now this is absolutely doable as-is by piping the output of yarn audit through an intermediate command which filters out the ignorable errors, but it is harder than it has to be.

Therefore I would propose to expose an api by which yarn-audit-html can be used programmatically, with a hook or some other means by which to filter the reported vulnerabilities. This could also be used to enrich the report with some additional information, or add more sophisticated error handling (e.g. only fail with status code 1 if there are more than 5 low-impact vulnerabilities). Ideally, there would be a type definition for this api as well as the schema of the vulnerability report itself.

I am absolutely open to contributing to the implementation, if you are open to the idea itself.
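The intermediate filter and exit-status rule described in the comment above, as an added example that is not part of the original thread and not yarn-audit-html's code. It assumes the Yarn v1 `yarn audit --json` line format (one JSON event per line, advisories typed `auditAdvisory`); the function names, sample ids and the treatment of findings above "low" are assumptions of this example.

```javascript
// Added example. Event shape assumed from Yarn v1 `yarn audit --json`:
// one JSON object per line, advisories as {type:'auditAdvisory', data:{advisory:{id, severity}}}.
const advisory = (id, severity, path) => ({
  type: 'auditAdvisory',
  data: { resolution: { path }, advisory: { id, severity, module_name: path.split('>').pop() } },
});

// Constructed sample input (ids and package names are made up).
const SAMPLE = [
  advisory(1001, 'low', 'app>pkg-a'),
  advisory(1001, 'low', 'app>pkg-b>pkg-a'),
  advisory(1002, 'high', 'app>pkg-c'),
  { type: 'auditSummary', data: { vulnerabilities: { info: 0, low: 2, moderate: 0, high: 1, critical: 0 } } },
].map((e) => JSON.stringify(e)).join('\n');

// Drop advisories whose id is in ignoredIds; recount what remains by severity.
function filterAudit(ndjson, ignoredIds) {
  const ignored = new Set(ignoredIds.map(String));
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  const kept = [];
  const suppressed = [];
  for (const line of ndjson.split('\n')) {
    if (!line.trim()) continue;
    // JSON.parse throws on a truncated or corrupt line: fail closed rather than
    // let a partial audit look clean.
    const event = JSON.parse(line);
    if (event.type !== 'auditAdvisory') {
      kept.push(line); // e.g. auditSummary: passed through unchanged, so its totals are pre-filter
      continue;
    }
    const { id, severity } = event.data.advisory;
    if (ignored.has(String(id))) {
      suppressed.push(id); // keep a record so suppressions stay visible in the build log
      continue;
    }
    counts[severity] = (counts[severity] || 0) + 1;
    kept.push(line);
  }
  return { output: kept.join('\n'), counts, suppressed };
}

// Policy assumed for this example: any finding above "low" fails the build,
// and "low" findings fail it only when there are more than maxLow of them.
function exitCode(counts, maxLow = 5) {
  const serious = counts.moderate + counts.high + counts.critical;
  return serious > 0 || counts.low > maxLow ? 1 : 0;
}

const result = filterAudit(SAMPLE, [1001]);
console.log(result.counts, 'suppressed:', result.suppressed, 'exit:', exitCode(result.counts));
```

The same advisory id appears once per dependency path, so one ignored id can suppress several lines; logging `suppressed` keeps that visible to whoever reviews the build.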

davityavryan commented 1 year ago

Hi @mithodin, Thanks for the suggestion. Sorry for the late reply. I had a burnout. Status: In Progress 🙃 I am currently finishing the rewrite to TypeScript, so type definitions for the API will be there in time when I expose bits of functionality.

davityavryan commented 1 year ago

Hey @mithodin, I just published the new v7.0.0 version, which is a full rewrite with TypeScript. You will be able to find here exported typed functions which might be helpful. I guess it can be a start. I might consider separating that functionality into a separate package, which can be loaded programmatically too, and re-use it here. Also, maybe it's time for this package to start working with other package managers. What do you think about that?

mithodin commented 1 year ago

This is really cool, thank you! I will give it a go shortly.