Closed s0rthak closed 3 years ago
hey @s0rthak, sorry for the late response. Yes, it's definitely possible with npm v6 👍🏻 there is a sample mock of v6 audit response here https://github.com/jeemok/better-npm-audit/blob/master/test/__mocks__/v6-json-buffer.json you can refer to. However, this `paths` value might not be available or the same with npm v7 audit report (I found `nodes` but I think it is a different thing), but I think it is okay to have different output UI here depending on the npm versions to give the user the best informative report.
I can work on it over this weekend, or happy to review one if you can submit one MR too!
PS: I'll move this issue over to Discussion tab
Hi!
First of all, the new interface to the tool is great. It's so much cleaner to go through now.
Would it be possible to show the path to the module with the reported vulnerability in the new UI?
Here's an example output: (I'm using npm v6 with node 14 right now)
This is from a frontend repo and all the dependencies mentioned here are nested dependencies of `react-scripts`.
The `tar` module for example is used here: `react-scripts > terser-webpack-plugin > cacache > tar`
Being able to see the module path would make it easier to figure out if we need to prioritize fixing this or ignoring it if it doesn't fit our use-case.
Right now, I have to run `npm audit` again after looking at the UI.
Also, I understand that a package may have more than one path, particularly when there are vulnerabilities in packages used by a lot of other packages. Maybe it can be presented in the following manner:
I'll be happy to contribute to an MR for this as well if it's possible with npm. Please let me know, thanks!
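Added example, not part of the thread or of better-npm-audit's code: a sketch of pulling the dependency paths out of an npm v6 `npm audit --json` report, which lists them under `advisories[id].findings[].paths` with `>` as the separator. The function name `collectModulePaths`, the `maxPaths` option and the sample report are constructed for illustration.

```javascript
'use strict';

// Constructed sample in the npm v6 `npm audit --json` shape (not real advisory data).
const sampleV6Report = {
  advisories: {
    1001: {
      module_name: 'tar',
      severity: 'high',
      findings: [
        { version: '2.2.2', paths: ['react-scripts>terser-webpack-plugin>cacache>tar'] },
        { version: '4.4.13', paths: ['react-scripts>fsevents>node-pre-gyp>tar',
                                     'react-scripts>terser-webpack-plugin>cacache>tar'] },
      ],
    },
    1002: { module_name: 'example-pkg', severity: 'low', findings: [] },
  },
};

// Returns one row per advisory with its de-duplicated dependency paths.
// `maxPaths` (hypothetical option) caps how many paths are listed per advisory,
// since a widely used package can be reachable through many paths.
function collectModulePaths(report, maxPaths = 3) {
  // Reports without an `advisories` object (e.g. npm v7) yield no rows here.
  if (!report || typeof report.advisories !== 'object' || report.advisories === null) return [];
  return Object.entries(report.advisories).map(([id, advisory]) => {
    const unique = new Set();
    for (const finding of advisory.findings || []) {
      for (const path of finding.paths || []) {
        unique.add(path.split('>').join(' > '));
      }
    }
    const all = [...unique].sort();
    return {
      id,
      module: advisory.module_name,
      severity: advisory.severity,
      paths: all.slice(0, maxPaths),
      hidden: Math.max(0, all.length - maxPaths),
    };
  });
}

for (const row of collectModulePaths(sampleV6Report)) {
  const extra = row.hidden > 0 ? ` (+${row.hidden} more)` : '';
  console.log(`${row.id} ${row.severity} ${row.module}: ${row.paths.join(', ') || '-'}${extra}`);
}
```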