npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm audit correct advisory URL

Hello!

We use our own libraries and modules of the NPM.
To solve the problem of checking security dependencies, we provide our own report in response to the npm install / npm audit command.

So we need to be able to provide our own links to the vulnerability report when calling the npm audit (or install).
Presently links to the https://npmjs.com/advisories/{id} are hardcoded:
https://github.com/npm/cli/blob/59e5056a2129cb2951f4ff3b657ada20657f01a7/node_modules/npm-audit-report/reporters/detail.js#L120
https://github.com/npm/cli/blob/59e5056a2129cb2951f4ff3b657ada20657f01a7/node_modules/npm-audit-report/reporters/detail.js#L163

Is there any way to change this in the global NPM repository?
For example, if you provide a “url” filed from the response in the CLI output for the npm audit command, this will solve our problem.
Presently the “url”-field from the response is de facto not used.
Thanks!