jeemok / better-npm-audit

The goal of this project is to provide additional features on top of the existing npm audit options
https://www.npmjs.com/package/better-npm-audit
MIT License

Weird wording in "It can be removed" message #76

Closed alert-debug closed 2 years ago

alert-debug commented 2 years ago

I've just been updating some dependencies of a project I'm working on, and an npm run audit produced this message before the All good!:

2 of the excluded vulnerabilities did not match any of the found vulnerabilities: 1064653, 1064843.
They can be removed from the .nsprc file or --exclude -x flags.
1 of the ignored modules did not match any of the found vulnerabilites: .
It can be removed from the --module-ignore -m flags.

There are two problems with this:

Sorry for reporting these minor issues in this fantastic software, but hopefully they are easy fixes. 😄

jeemok commented 2 years ago

ah, nice catch @alertme-edwin! I'm looking at this message now too, let me fix it together

jeemok commented 2 years ago

hey, @alertme-edwin I've published the fix under v3.7.1, please let me know if there is any issue :) thank you as always!

huineng commented 2 years ago

doesn't seem to work, I have not excluded anything, .npmrc file is empty and I have this message

1 of the ignored modules did not match any of the found vulnerabilities: . It can be removed from the --module-ignore -m flags.

this message appears "after" upgrading to 3.7.2, with 3.6.0 I didn't have that message

ps when I fill in a "dummy" entry in .npmrc I see this message, it might help you debug

1 of the excluded vulnerabilities did not match any of the found vulnerabilities: 1064864. 
It can be removed from the .nsprc file or --exclude -x flags. 
1 of the ignored modules did not match any of the found vulnerabilities: . 
It can be removed from the --module-ignore -m flags.

thanks

jeemok commented 2 years ago

thanks for reporting @huineng. In your testing, do you mean 1064864 is correctly showing but not the modules? Could you provide me with these details:

I'm suspecting you might have accidentally passed in an empty value with the ignore-module flag, but either way it would probably be good to check for a falsy value before rendering the message. let me publish a fix...

jeemok commented 2 years ago

@huineng can you try again on v3.7.3?

huineng commented 2 years ago

All good !
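
The falsy-value check discussed in this thread, as an added example that is not better-npm-audit's own code: empty entries are dropped before the stale-exception notice is built, and the notice is skipped when nothing is stale. All function names and the `minimist` sample are assumptions made for illustration.

```javascript
// Added example, not better-npm-audit source. All function names are hypothetical.

// Split a comma-separated flag value and drop empty entries, so that
// `-m ""` or `-m "lodash,,"` never produces a blank module name.
function parseList(raw) {
  if (typeof raw !== 'string') return [];
  return raw
    .split(',')
    .map((item) => item.trim())
    .filter(Boolean);
}

// Entries in `configured` that matched nothing in the current audit result.
function findUnused(configured, found) {
  const seen = new Set(found.map(String));
  return configured.filter((entry) => !seen.has(String(entry)));
}

// Build the notice, or return '' when there is nothing stale to report.
function unusedNotice(unused, noun, source) {
  if (unused.length === 0) return '';
  const pronoun = unused.length === 1 ? 'It' : 'They';
  return (
    `${unused.length} of the ${noun} did not match any of the found ` +
    `vulnerabilities: ${unused.join(', ')}. ` +
    `${pronoun} can be removed from the ${source}.`
  );
}

// Constructed sample input: one advisory ID and one module reported by the audit.
const foundIds = [1064843];
const foundModules = ['minimist'];

const staleIds = findUnused(parseList('1064653, 1064843'), foundIds);
const staleModules = findUnused(parseList(''), foundModules);

console.log(unusedNotice(staleIds, 'excluded vulnerabilities', '.nsprc file or --exclude -x flags'));
console.log(unusedNotice(staleModules, 'ignored modules', '--module-ignore -m flags') || '(no module notice)');
```

An exclusion that no longer matches a finding is worth pruning rather than hiding, since a leftover entry keeps suppressing that advisory ID or module if it is ever reported again.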