Update 'isExcepted' to check for CVE id

src/types/general.d.ts

@@ -19,6 +19,7 @@ export interface v6Advisories {
 
 export interface v6Advisory {
   readonly id: string;
+  readonly cves: string[];
   // eslint-disable-next-line camelcase
   readonly module_name: string;
   readonly title: string;

src/utils/vulnerability.ts

@@ -76,7 +76,16 @@ export function processAuditJson(
     return Object.values(advisories).reduce(
       (acc: ProcessedResult, cur: v6Advisory) => {
         const shouldAudit = mapLevelToNumber(cur.severity) >= mapLevelToNumber(auditLevel);
-        const isExcepted = exceptionIds.includes(Number(cur.id));
+        let isExcepted: boolean = false;
+
+        if (cur.id && exceptionIds.includes(Number(cur.id)) || // NPM v6 contains 'id's to use
+            (cur.cves && exceptionIds.filter(id => cur.cves.includes(id)).length > 0) || // NPM v6 can also have an array of cve id's
+            (cur.via && cur.via[0].source && exceptionIds.includes(Number(cur.via[0].source))) || //auditReportVersion: 2. Check via.source for id
+            (cur.via && cur.via[0].url && exceptionIds.filter(id => cur.via[0].url.contains(id)).length > 0 )) //auditReportVersion: 2. Check via.url for github id
+        {
+            isExcepted = true;
+        }
+
         const isIgnoredModule = modulesToIgnore.includes(cur.module_name);
 
         // Record this vulnerability into the report, and highlight it using yellow color if it's new

tsconfig.json

@@ -3,8 +3,7 @@
         "target": "es5",
         "module": "commonjs",
         "lib": [
-            "ES6",
-            "ES2015"
+            "ES2018"
         ],
         "outDir": "lib",
         "strict": true,
@@ -19,4 +18,4 @@
     "exclude": [
         "test",
     ],
-}
+}