2.0 roadmap

[nprail]

The second major version of npm-audit-html will have a few major new features.

• Support more than just npm. Allow for an easy way to create an adapter for other npm-audit clients such as Yarn. - Yarn audit support #36
• Move to TypeScript - TypeScript #27
• Support auditReportVersion 2 - Support NPM 7 (auditReportVersion 2) #43
• Expose the reporter API - Expose the reporter API #44
• What else is important??

Join the conversation on Slack!

https://slack.event1.io

[cguy]

Hello,

If I could suggest two more features:

• an API endpoint (not just cli) to use the module inside a node project
• support the auditReportVersion:2 JSON format (in case anyone like me generate the NPM audit JSON report with @npmcli/arborist and npm-audit-report

Anyway your library is nice, wish you the best

Best regards,

[nprail]

@cguy Thanks for the ideas!

Technically, you actually could use npm-audit-html's API directly. It is just undocumented. And lib/reporter.js should probably be set as the main file in the package.json.

Adding support for auditReportVersion:2 is definitely a must as well.

[cguy]

@nprail Thank you for your answer.

Actually, I already checked the reporter file. My concern is it always writes a file on the file system, however through API I could be excepting to get the HTML String :)

Regarding version 2 of the report version, it's quite simple, there is only one layer added after vulnerabilities (the new name of "adventories").

I forked your project for immediate need (added my own ugly code), but it works.

[nprail]

@cguy Ah, I see. I think it makes sense to move the actual file writing to the CLI and keep the reporter more abstracted from the system.

Yeah, I took a look at the version 2 spec and it doesn't look too bad at all. I'm planning on making a way for there to be various "adapters" for different audit specs like Yarn (#36), v1 and v2.