Fixes #443 for v5

RetireJS · Jul 15, 2024 · 1dc849a · 1dc849a
1 parent 632165f
commit 1dc849a
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 4 deletions.
diff --git a/node/CHANGELOG.md b/node/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [5.1.2]
+
+### Bugfix
+
+- JSON format should not include results without vulnerabilities unless `--verbose` is specified.
+
 ## [5.1.1]
 
 ### Bugfix

diff --git a/node/lib/retire.js b/node/lib/retire.js
@@ -4,7 +4,7 @@
  */
 
 var exports = exports || {};
-exports.version = '5.1.1';
+exports.version = '5.1.2';
 
 function isDefined(o) {
   return typeof o !== 'undefined';

diff --git a/node/package-lock.json b/node/package-lock.json
diff --git a/node/package.json b/node/package.json
@@ -2,7 +2,7 @@
   "author": "Erlend Oftedal <[email protected]>",
   "name": "retire",
   "description": "Retire is a tool for detecting use of vulnerable libraries",
-  "version": "5.1.1",
+  "version": "5.1.2",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

diff --git a/node/src/reporters/json.ts b/node/src/reporters/json.ts
@@ -23,6 +23,9 @@ export default {
         };
     logger.warn = logger.error = (message) => finalResults.errors.push(message);
     logger.logVulnerableDependency = (finding) => {
+      if (!config.verbose) {
+        finding.results = finding.results.filter((r) => retire.isVulnerable([r]));
+      }
       finalResults.data.push(finding);
     };
     logger.logDependency = function (finding) {