Add configuration option to omit version number from output #356
Conversation
|
Hey @romanzipp , Thank you for this suggestion and for raising a PR for it. We'll try to find some time to look over this in the new few days, and we'll get back to you as soon as possible. Thanks again :) |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #356 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 28 28
Lines 505 525 +20
Branches 80 89 +9
=========================================
+ Hits 505 525 +20 ☔ View full report in Codecov by Sentry. |
|
Hey @romanzipp , Thank you for raising this PR; we're up for merging this feature. I hope you don't mind but we've pushed a couple of commits up to your branch. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| describe("omit-versions", () => { | ||
| it("should match snapshot when --omit-versions is given", async () => { | ||
| await execAsync( | ||
| `npx generate-license-file --input ${input} --output ${output} --omit-versions` |
Check warning
Code scanning / CodeQL
Shell command built from environment values
|
Hey @romanzipp, We've released this feature as part of the latest minor release, |
I would like to add a configuration option that will omit any specific version numbers in the generated output.
This change was motivated by the fact that possible attackers could easily determine if there are known vulnerabilities in a given node proejct if the license file is publicly available.
Unfortunately I'm not familiar with TS and testing in JavaScript so it could easily be possible that this change won't work in it's current form.
Thanks for your work on the project and let me know if you would be willing to implement such a change.
Proposed changes to the output file