This repository has been archived by the owner on May 1, 2024. It is now read-only.
npm audit --json should return a stable source ID for vulnerabilities #1015
stevendarby started this conversation in General
Replies: 0 comments
The source property on a vulnerability changes every time the GitHub advisory is updated. Tools like npm-audit-resolver use this as an ID in their resolution files, so its mutability often makes the resolutions short-lived. There has previously been an indication that the mutability would be removed (see naugtur/npm-audit-resolver#56 (comment)). This issue is to check in on that plan and also show some support for that idea.
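The failure described in the post, and one way a resolution file could sidestep it, as an added example that is not from the original post, npm or npm-audit-resolver. It assumes the npm 7+ report layout (`vulnerabilities.*.via[]` objects carrying `source`, `name` and `url`) and that `url` ends in the advisory's GHSA identifier; both reports and all values in them are constructed.

```javascript
// Constructed sample: one advisory as two `npm audit --json` runs might report it,
// before and after the advisory was edited. Only `source` differs (placeholder values).
const makeReport = (source) => ({
  vulnerabilities: {
    "example-pkg": {
      name: "example-pkg",
      via: [
        { source, name: "example-pkg", severity: "high",
          url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx" },
        "other-pkg", // string entries only name another vulnerable package
      ],
    },
  },
});
const auditBefore = makeReport(1000001);
const auditAfter = makeReport(1000002);

// Collect the advisory objects from every `via` list, skipping string entries.
function advisories(report) {
  const out = [];
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (via && typeof via === "object") out.push(via);
    }
  }
  return out;
}

// Key that changes whenever the advisory is updated (the behaviour the post describes).
const bySource = (adv) => String(adv.source);

// Hypothetical alternative key: GHSA id taken from `url`, plus the package name.
// Returns null when no id is found so the caller can fail closed.
function ghsaKey(adv) {
  const m = /GHSA(-[0-9a-z]{4}){3}/.exec(adv.url || "");
  return m ? `${m[0]}|${adv.name}` : null;
}

// Advisories in `report` that the accepted set does not cover under `keyFn`.
// An advisory without a usable key is always reported, never silently suppressed.
function unresolved(report, accepted, keyFn) {
  return advisories(report).filter((adv) => {
    const key = keyFn(adv);
    return key === null || !accepted.has(key);
  });
}

// Decisions recorded against the first report, replayed against the second.
const acceptedBySource = new Set(advisories(auditBefore).map(bySource));
const acceptedByGhsa = new Set(advisories(auditBefore).map(ghsaKey));
console.log("stale under source key:", unresolved(auditAfter, acceptedBySource, bySource).length);
console.log("stale under GHSA key:", unresolved(auditAfter, acceptedByGhsa, ghsaKey).length);
```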