The expanded finding row in the HTML report currently only shows the first dependency path. For transitive vulnerabilities with multiple paths, showing all paths (as the verbose terminal output does) gives a clearer picture of how the package got pulled in.
The expanded finding row in the HTML report currently only shows the first dependency path. For transitive vulnerabilities with multiple paths, showing all paths (as the verbose terminal output does) gives a clearer picture of how the package got pulled in.