npm@7 audit version not supported
New version of npm arrived with node.js 15, it seems, that new audit.json format is not supported.
Do we plan to support new version?
Example format:
{
"auditReportVersion": 2,
"vulnerabilities": {
"node-fetch": {
"name": "node-fetch",
"severity": "moderate",
"via": [
{
"source": 124392,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15168",
"severity": "moderate",
"range": "< 2.6.1||3.0.0-beta.1 ≤ Version < 3.0.0-beta.9"
},
{
"source": 1556,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "Denial of Service",
"url": "https://npmjs.com/advisories/1556",
"severity": "low",
"range": "< 2.6.1 || >= 3.0.0-beta.1 < 3.0.0-beta.9"
}
],
"effects": [],
"range": "<=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 104,
"dev": 88,
"optional": 0,
"peer": 0,
"peerOptional": 0,
"total": 192
}
}
}Edited by Honza Machala