From fb3bbb72d448ac37a465b31233b21381917422f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kat=20March=C3=A1n?= <kzm@zkat.tech>
Date: Tue, 18 Dec 2018 14:36:47 -0800
Subject: npm-audit-report@1.3.2

Ref: https://github.com/npm/npm-audit-report/pull/34
Credit: @melkikh
---
 .../npm-audit-report/reporters/parseable.js        | 25 ++++++++++++----------
 1 file changed, 14 insertions(+), 11 deletions(-)

(limited to 'node_modules/npm-audit-report/reporters/parseable.js')

diff --git a/node_modules/npm-audit-report/reporters/parseable.js b/node_modules/npm-audit-report/reporters/parseable.js
index 363359772..1d46ef227 100644
--- a/node_modules/npm-audit-report/reporters/parseable.js
+++ b/node_modules/npm-audit-report/reporters/parseable.js
@@ -11,6 +11,7 @@ const report = function (data, options) {
 
   const actions = function (data, config) {
     let accumulator = {
+      critical: '',
       high: '',
       moderate: '',
       low: ''
@@ -25,16 +26,18 @@ const report = function (data, options) {
           l.recommendation = recommendation.cmd
           l.breaking = recommendation.isBreaking ? 'Y' : 'N'
 
-          // TODO: Verify: The advisory seems to repeat and be the same for all the 'resolves'. Is it true?
-          const advisory = data.advisories[action.resolves[0].id]
-          l.sevLevel = advisory.severity
-          l.severity = advisory.title
-          l.package = advisory.module_name
-          l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
-          l.path = action.resolves[0].path
+          action.resolves.forEach((resolution) => {
+            const advisory = data.advisories[resolution.id]
+
+            l.sevLevel = advisory.severity
+            l.severity = advisory.title
+            l.package = advisory.module_name
+            l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`
+            l.path = resolution.path
 
-          accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking]
-            .join('\t') + '\n'
+            accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking]
+              .join('\t') + '\n'
+          }) // forEach resolves
         }
 
         if (action.action === 'review') {
@@ -44,7 +47,7 @@ const report = function (data, options) {
             l.sevLevel = advisory.severity
             l.severity = advisory.title
             l.package = advisory.module_name
-            l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}`
+            l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`
             l.patchedIn = advisory.patched_versions.replace(' ', '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions
             l.path = resolution.path
 
@@ -53,7 +56,7 @@ const report = function (data, options) {
         } // is review
       }) // forEach actions
     }
-    return accumulator['high'] + accumulator['moderate'] + accumulator['low']
+    return accumulator['critical'] + accumulator['high'] + accumulator['moderate'] + accumulator['low']
   }
 
   const exitCode = function (metadata) {
-- 
cgit v1.2.3