More about this vulnerability button don't work

[dzienisz]

[nprail]

Oh, looks like that field can be a comma-separated list of URLs. Should be fairly easy to resolve.

[dzienisz]

I can fix it as #hacktoberfest issue

[dzienisz]

@nprail can you help me?

I see that we render this list by using {{#if references}} but it sometimes return markdown data and sometimes urls separated by comma 🤯

I can't find in code where {{references}} is created.

[nprail]

@dzienisz references comes from directly from npm audit --json without manipulation. We will probably have to loop through the advisories and parse that field somehow into a consistent format.

Here is a possible algorithm to determine if it is a comma separated list of URLs:

const splitList = advisory.references.split(',')

let isUrlList = true
for (const urlItem of splitList) {
  try {
    new URL(urlItem)
  } catch (err) {
    // if new URL throws an error, than the item isn't a valid URL
    isUrlList = false
  }
}

// if any of the items do not parse as a URL then it probably isn't a comma-separated list of URLs
return isUrlList

[dzienisz]

Hey @nprail currently I don't have time to do this. Anybody can take that.

I see you stopped supporting this code. Do you plan to find another contributors or archive the project?