Severity filter for npm audit

(idleberg) #1

I don’t know about you, but I’d find it immensely useful, if npm audit had a switch to filter packages by severity of a vulnerability.


$ npm audit --severity moderate

The example above would only display dependencies with moderate vulnerabilities.

More ideas:

# Moderate & high
$ npm audit --severity moderate|high

# Moderate and above
$ npm audit --severity >moderate

Any thoughts?

(Deven Phillips) #2

+1 from me… I like that idea… Even better would be to base the severity on the NIST CVSS score.