@npmcli/arborist 2.8.5 → 2.9.0
- package/lib/vuln.js +12 -1
- package/package.json +1 -1
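--- a/package/lib/vuln.js
+++ b/package/lib/vuln.js
@@ -82,6 +82,17 @@ class Vuln {
 }
 }
 
+get isDirect () {
+for (const node of this.nodes.values()) {
+for (const edge of node.edgesIn) {
+if (edge.from.isProjectRoot || edge.from.isWorkspace) {
+return true
+}
+}
+}
+return false
+}
+
 testSpec (spec) {
 const specObj = npa(spec)
 if (!specObj.registry) {
@@ -101,10 +112,10 @@ class Vuln {
 }
 
 toJSON () {
-// sort so that they're always in a consistent order
 return {
 name: this.name,
 severity: this.severity,
+isDirect: this.isDirect,
 // just loop over the advisories, since via is only Vuln objects,
 // and calculated advisories have all the info we need
 via: [...this.advisories].map(v => v.type === 'metavuln' ? v.dependency : {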
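Review bot: The new `isDirect` getter has no comment saying what "direct" means, and because `toJSON` now exposes it in the audit output, consumers may read it as a severity or reachability signal. As written it returns true when any node in `this.nodes` has an incoming edge from the project root or a workspace, with no check on the edge type, so a dev-only dependency would presumably count as direct too. I would add above the getter: `// true if any affected node is depended on directly by the root project or a workspace (any edge type); not an exploitability signal, transitive vulns still need triage`. The getter also re-walks every node and edge on each access, which is fine for one `toJSON` call but worth a note if it is ever read in a loop. The `Vuln` class body starts and ends outside these hunks.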