Is your feature request related to a problem? Please describe.
Currently NPM Audit results are using a textual severity description, but for at least a significant part of the NPM Audit responses CVSS information is also included.
Describe the solution you'd like
When available DependencyCheck should use the CVSS scores and vector information when reporting the severity of the NPM Audit API findings. When CVSS scores are not present ODC fall back to using the textual severity from the NPM Audit API response.
Describe alternatives you've considered
Keeping the severities as is, resulting in loss of information compared to the NPM Audit API response.
Is your feature request related to a problem? Please describe.
Currently NPM Audit results are using a textual severity description, but for at least a significant part of the NPM Audit responses CVSS information is also included.
Describe the solution you'd like
When available DependencyCheck should use the CVSS scores and vector information when reporting the severity of the NPM Audit API findings. When CVSS scores are not present ODC fall back to using the textual severity from the NPM Audit API response.
Describe alternatives you've considered
Keeping the severities as is, resulting in loss of information compared to the NPM Audit API response.