npm audit correct advisory URL


(Alexander) #1

Hello!

We use our own libraries and modules of the NPM.
To solve the problem of checking security dependencies, we provide our own report in response to the npm install / npm audit command.

So we need to be able to provide our own links to the vulnerability report when calling the npm audit (or install).
Presently links to the https://npmjs.com/advisories/{id} are hardcoded:
https://github.com/npm/cli/blob/59e5056a2129cb2951f4ff3b657ada20657f01a7/node_modules/npm-audit-report/reporters/detail.js#L120
https://github.com/npm/cli/blob/59e5056a2129cb2951f4ff3b657ada20657f01a7/node_modules/npm-audit-report/reporters/detail.js#L163

Is there any way to change this in the global NPM repository?
For example, if you provide a “url” field from the response in the CLI output for the npm audit command, this will solve our problem.
Presently the “url”-field from the response is de facto not used.
Thanks!
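
A workaround in the spirit of the request above, as an added example that is not part of the original post and not npm's own code: post-process the `npm audit --json` output and print each advisory's own `url` field, falling back to the hardcoded npmjs.com link. It assumes the npm 6 JSON shape (an `advisories` object whose entries carry `id`, `title`, `module_name`, `severity` and `url`); the host allowlist and the sample data are constructed for illustration.

```javascript
// Added example: choose the advisory link from the audit response instead of
// always printing https://npmjs.com/advisories/{id}.
const DEFAULT_BASE = 'https://npmjs.com/advisories/';

// Hypothetical allowlist of hosts whose advisory links are trusted.
const TRUSTED_HOSTS = new Set(['npmjs.com', 'www.npmjs.com', 'advisories.example.internal']);

// Strip control characters so registry-supplied text cannot inject
// terminal escape sequences into the report.
const clean = (s) => String(s).replace(/[\x00-\x1f\x7f]/g, '');

// Return the link to print for one advisory object.
function advisoryLink(advisory, trustedHosts = TRUSTED_HOSTS) {
  const fallback = DEFAULT_BASE + encodeURIComponent(String(advisory.id));
  if (typeof advisory.url !== 'string') return fallback;
  let parsed;
  try {
    parsed = new URL(advisory.url);
  } catch (err) {
    return fallback; // not a parseable absolute URL
  }
  // The URL comes from the registry response: accept only https links to known hosts.
  if (parsed.protocol !== 'https:' || !trustedHosts.has(parsed.hostname)) return fallback;
  return parsed.href; // parser-normalized form
}

// Build one report entry per advisory in the audit response.
function formatReport(auditJson, trustedHosts = TRUSTED_HOSTS) {
  return Object.values(auditJson.advisories || {}).map((a) =>
    `${clean(a.severity)}  ${clean(a.module_name)}  ${clean(a.title)}\n` +
    `  More info: ${advisoryLink(a, trustedHosts)}`);
}

// Constructed sample in the assumed npm 6 `npm audit --json` shape.
const SAMPLE = {
  advisories: {
    1001: { id: 1001, title: 'Constructed issue A', module_name: 'internal-lib',
            severity: 'high', url: 'https://advisories.example.internal/report/1001' },
    1002: { id: 1002, title: 'Constructed\x1b[31m issue B', module_name: 'other-lib',
            severity: 'low', url: 'https://untrusted.example/advisory/1002' },
  },
};

console.log(formatReport(SAMPLE).join('\n\n'));
```

With real data, replace `SAMPLE` with the parsed output of `npm audit --json`.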