[ ] Stack trace (if provided) contains mobi.hsz.idea.gitignore package name
Description
In my project, I am using the jsdom package. The Node Security plugin complains that it has a dependency on hoek, which is vulnerable. However, this dependency is not direct: jsdom actually depends on a package which depends on a package which depends on hoek. It takes a lot of time to figure out such a dependency path.
It would be awesome if the Node Security plugin could report the full dependency path, like:
jsdom > package A > package B > hoek is vulnerable...
or
Probably the second is better as it can display multiple dependency branches leading to the issue...
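
The path report requested above, sketched as an added example (not code from the Node Security plugin or from the original post). It walks a dependency tree in the nested shape that `npm ls --json` produces and returns every path to a flagged package; `SAMPLE_TREE`, `package-a` to `package-d`, and the indented-tree rendering of multiple branches are assumptions made for illustration.

```javascript
// Added example: list every dependency path that leads to a flagged package.
// SAMPLE_TREE is constructed; it mimics the nested shape of `npm ls --json`.
const SAMPLE_TREE = {
  name: "my-project",
  dependencies: {
    jsdom: { dependencies: { "package-a": { dependencies: {
      "package-b": { dependencies: { hoek: {} } },
      "package-c": { dependencies: { hoek: {} } },
    } } } },
    "package-d": {},
  },
};

// Depth-first walk; returns an array of paths, each an array of package names.
function findPaths(node, target, trail = [], out = []) {
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === target) out.push(path);
    findPaths(child, target, path, out);
  }
  return out;
}

// Render each path in the "a > b > c" form used in the issue.
function formatPaths(paths) {
  return paths.map((p) => p.join(" > "));
}

// Merge paths into one indented tree so shared prefixes appear once
// (an assumed layout for showing several branches together).
function renderTree(paths) {
  const root = Object.create(null); // no prototype keys to collide with names
  for (const p of paths) {
    p.reduce((n, name) => (n[name] = n[name] || Object.create(null)), root);
  }
  const lines = [];
  const walk = (n, depth) => {
    for (const name of Object.keys(n)) {
      lines.push("  ".repeat(depth) + name);
      walk(n[name], depth + 1);
    }
  };
  walk(root, 0);
  return lines;
}

console.log(renderTree(findPaths(SAMPLE_TREE, "hoek")).join("\n"));
```
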