eventOneHQ / npm-audit-html

🔒 Generate a HTML report for NPM Audit
http://oss.eventone.page/npm-audit-html/
MIT License
51 stars 26 forks

"More about this vulnerability" button doesn't work #54

Open dzienisz opened 4 years ago

dzienisz commented 4 years ago

[Screenshot 2020-09-29 at 13 42 34] [Screenshot 2020-09-29 at 13 42 44]

nprail commented 4 years ago

Oh, looks like that field can be a comma-separated list of URLs. Should be fairly easy to resolve.

dzienisz commented 4 years ago

I can fix it as a #hacktoberfest issue

dzienisz commented 4 years ago

@nprail can you help me?

I see that we render this list by using {{#if references}} but it sometimes returns Markdown data and sometimes URLs separated by commas 🤯

I can't find in code where {{references}} is created.

nprail commented 4 years ago

@dzienisz references comes directly from npm audit --json without manipulation. We will probably have to loop through the advisories and parse that field somehow into a consistent format.

Here is a possible algorithm to determine if it is a comma separated list of URLs:

```js
// wrapped in a function so that the final `return` is valid
function isCommaSeparatedUrlList (advisory) {
  const splitList = advisory.references.split(',')

  let isUrlList = true
  for (const urlItem of splitList) {
    try {
      new URL(urlItem)
    } catch (err) {
      // if new URL throws an error, then the item isn't a valid URL
      isUrlList = false
    }
  }

  // if any of the items do not parse as a URL then it probably isn't a comma-separated list of URLs
  return isUrlList
}
```

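
Added example, not part of the original thread and not code from npm-audit-html: one way to turn the `references` string into a consistent array of links whether it arrives as a comma-separated list or as Markdown. Because `new URL()` also parses non-web schemes such as `javascript:`, the example only keeps `http:` and `https:` links before they reach an `href` in the report. The function names and sample strings are assumptions made for illustration.

```javascript
// Added example: function names are hypothetical, not part of npm-audit-html.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:'])

// Return the normalized href if `text` is an absolute http(s) URL, else null.
function toSafeHref (text) {
  try {
    const url = new URL(text.trim())
    return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null
  } catch (err) {
    return null // not parseable as an absolute URL
  }
}

// Turn the raw `references` string into a de-duplicated array of http(s) links.
function normalizeReferences (references) {
  if (typeof references !== 'string' || references.trim() === '') return []

  // Case 1: a comma-separated list in which every item is an http(s) URL.
  const items = references.split(',').map(item => item.trim()).filter(Boolean)
  const hrefs = items.map(toSafeHref)
  if (hrefs.every(href => href !== null)) return [...new Set(hrefs)]

  // Case 2: Markdown or free text; pull out anything that looks like a link.
  const candidates = references.match(/https?:\/\/[^\s<>()[\]"']+/g) || []
  const found = candidates
    .map(candidate => toSafeHref(candidate.replace(/[.,;:!?]+$/, '')))
    .filter(href => href !== null)
  return [...new Set(found)]
}

// Constructed sample values, not real advisory data.
const samples = [
  'https://example.com/advisory/1,https://example.com/issue/2',
  '- [Fix commit](https://example.com/commit/abc)\n- https://example.com/advisory/1.',
  'javascript:alert(1),https://example.com/advisory/1'
]
for (const sample of samples) console.log(normalizeReferences(sample))
```

The template can then loop over the returned array with `{{#each}}` instead of rendering the raw string.
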
dzienisz commented 2 years ago

Hey @nprail currently I don't have time to do this. Anybody can take that.

I see you stopped supporting this code. Do you plan to find other contributors or archive the project?