feat(report): add risk and next-action guidance #602
d0b701f to 7cac5be
| <h4>Description</h4> | ||
| <p>${escapeHtml(description)}</p> | ||
| <h4 class="detail-subheading">Risk summary</h4> | ||
| <p>${escapeHtml(finding.riskSummary)}</p> |
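Review bot: the two subheadings in this hunk are styled inconsistently: `<h4>Description</h4>` carries no class while `<h4 class="detail-subheading">Risk summary</h4>` does, so the Description heading will not pick up the subheading styling; give both the same class. Also, `finding.riskSummary` is interpolated unconditionally, whereas `description` is a local already resolved above; if a finding object can arrive without that field, `escapeHtml(undefined)` will either throw or render the literal text "undefined" depending on how `escapeHtml` coerces its argument, so either guard the field (skip the heading and paragraph when it is absent) or fall back to an empty string before escaping.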
Please move Risk Summary and Next Action into the third column (Recommended Action), not the first. Description tells the reader what is wrong - Risk Summary and Next Action tell them what to do about it, which belongs alongside the fix command. Column 3 should read: fix command, then Risk Summary, then Next Action.
Same change applies to multi-folder-html-reporter.ts if you added it there too.
Addressed in 4b7dbcb.
Risk Summary and Next Action now render in the third Recommended Action column, immediately after the fix command or explanatory remediation note. The Description column now contains only the vulnerability description. Because the multi-folder report reuses renderFindingRow, the same placement applies there as well.
I also strengthened the HTML reporter test to assert the ordering: Recommended Action, then Risk Summary, then Next Action. Validation: 40 focused tests passed, TypeScript build passed, npm audit reported 0 vulnerabilities, and git diff --check passed.
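As an added example, not code from this project (the page does not show the real renderFindingRow, escapeHtml, or the reporter test), here is a minimal TypeScript row renderer laid out the way the review asks: the Description column carries only the description, and the Recommended Action column carries the fix command (or a remediation note when there is none), then Risk summary, then Next action. Every finding-supplied string goes through escapeHtml, and absent optional fields are skipped rather than rendered as "undefined". The middle Severity cell and the field names fixCommand, remediationNote and nextAction are assumptions; markersInOrder is the ordering check a test in the spirit of the strengthened reporter test would use.

```typescript
// Hypothetical finding shape; field names beyond description/riskSummary are assumed.
interface Finding {
  description: string;
  severity: string;            // assumed middle column
  fixCommand?: string;         // e.g. "npm update lodash"; absent for transitive deps
  remediationNote?: string;    // shown instead of a command when no direct fix exists
  riskSummary?: string;
  nextAction?: string;
}

// Escape the five HTML metacharacters. undefined/null coerce to "" so a missing
// field can never leak the literal text "undefined" into the report.
function escapeHtml(value: unknown): string {
  const s = value === undefined || value === null ? "" : String(value);
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Render one subheading + paragraph, or nothing at all when the field is absent.
function detail(heading: string, text: string | undefined): string {
  if (!text) return "";
  return `<h4 class="detail-subheading">${escapeHtml(heading)}</h4>\n<p>${escapeHtml(text)}</p>\n`;
}

// Column 1: description only. Column 3: fix, then Risk summary, then Next action.
function renderFindingRow(finding: Finding): string {
  const descriptionCell =
    `<td>\n<h4 class="detail-subheading">Description</h4>\n` +
    `<p>${escapeHtml(finding.description)}</p>\n</td>`;
  const severityCell = `<td>${escapeHtml(finding.severity)}</td>`;
  const fix = finding.fixCommand
    ? `<pre><code>${escapeHtml(finding.fixCommand)}</code></pre>\n`
    : `<p>${escapeHtml(finding.remediationNote ?? "No direct fix available; upgrade the dependent package.")}</p>\n`;
  const actionCell =
    `<td>\n<h4 class="detail-subheading">Recommended Action</h4>\n` +
    fix +
    detail("Risk summary", finding.riskSummary) +
    detail("Next action", finding.nextAction) +
    `</td>`;
  return `<tr>\n${descriptionCell}\n${severityCell}\n${actionCell}\n</tr>`;
}

// True only if every marker is present and each appears after the previous one.
function markersInOrder(html: string, markers: string[]): boolean {
  let pos = -1;
  for (const m of markers) {
    const i = html.indexOf(m, pos + 1);
    if (i === -1) return false;
    pos = i;
  }
  return true;
}

// Constructed sample finding with hostile characters in several fields.
const sampleFinding: Finding = {
  description: "Prototype pollution in <lodash>",
  severity: "high",
  fixCommand: "npm update lodash",
  riskSummary: 'Attacker-controlled "__proto__" keys reach Object.assign',
  nextAction: "Upgrade & rerun the scan",
};

console.log(renderFindingRow(sampleFinding));
console.log(markersInOrder(renderFindingRow(sampleFinding),
  ["Recommended Action", "npm update lodash", "Risk summary", "Next action"]));
```

The ordering check deliberately searches forward from the previous match rather than comparing independent indexOf results, so a marker that appears twice (once in the wrong column) cannot satisfy the test by accident.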
4b7dbcb to b5d9231
Rebased onto
Summary

- summarizeRisk() and summarizeNextAction() logic in HTML reports

Tests

- npm test -- --runInBand (30 suites passed; 440 passed, 1 skipped)
- npm run build
- npm audit --omit=dev (0 vulnerabilities)

Coverage includes direct, transitive, and malicious-package guidance plus HTML escaping and JSON-contract protection.
Closes #233
AI assistance disclosure
OpenAI Codex assisted with implementation, tests, and documentation. I reviewed the changes and verified the full Jest suite, TypeScript build, and runtime dependency audit. I remain responsible for the contribution.