Merge pull request #7 from NodeSecure/feature/nsci-ignore

parent 4f7b4ef
author Tony Gorez <[email protected]> 1654807466 +0200
committer Tony Gorez <[email protected]> 1656869571 +0200

feat: add getIngoreFile fn

chore: delete di and use mock-fs

feat: make validator return error

fix: root path

feat: add base filter

fix: types

chore(interpret): create hasWarningsIgnorePatterns func

chore(adapt): fix import)

fix(adapt): dont return ignorePatterns

fix(ignore-file): add jsxray types

fix: use process.cwd()

fix: use IgnorePatterns.default instead of creating manual object

fix: lint + use IgnorePatterns.default

fix: standardizeExternalConfiguration type

chore: rename filter function

chore: rename a few variables/func/types

test: move test and fix types

chore: apply linter

chore(interpret): add fixture generators

chore: rename ignore file

fix: create temporary logger abstract

chore: apply linter

doc: add .nodesecureignore base doc

fix: IgnorePatterns & IgnoreWarningsPatterns abstract

README.md

@@ -183,6 +183,27 @@ If you don't have the possibility to generate a **.nodesecurerc** file, there ar
 
 The idea is to provide same options for all types of configuration. Nevertheless for now, the specific way to set a **warnings** dictionary (other than "error" | "warning" | "off" options) is only available when using the **.nodesecurerc** or **API** configurations.
 
+#### .nodesecureignore (ignore file)
+
+During your NodeSecure journey it's possible that you'll find false positives. The `.nodesecureignore` is the perfect tool to address these cases.
+
+Let's say that you want to exclude `"unsafe-regex"` from `express`:
+
+1. Create your `.nodesecureignore` file at the root of your project
+
+2. Add the following JSON content:
+
+```json
+{
+  "warnings": {
+    "unsafe-regex": ["express"]
+  }
+}
+```
+
+3. Run your analysis as usual: no more `unsafe-regex` for `express` package.
+
+> Found the list of warnings available [here](https://github.com/NodeSecure/js-x-ray#warnings)
 ---
 
 #### CLI