IBM
diff --git a/‎lib/model.ts
+24-20 b/‎lib/model.ts
+24-20
diff --git a/‎test/allowlist.spec.ts
+12-12 b/‎test/allowlist.spec.ts
+12-12
diff --git a/‎test/npm-auditer.spec.ts
+26-26 b/‎test/npm-auditer.spec.ts
+26-26
diff --git a/‎test/npm7-auditer.spec.ts
+27-27 b/‎test/npm7-auditer.spec.ts
+27-27
@@ -151,7 +151,6 @@ class Model {
       | PartialPNPMAuditReportAudit
   ) {
     /** NPM 6 & PNPM */
-
     if ("advisories" in parsedOutput && parsedOutput.advisories) {
       for (const advisory of Object.values<
         DeepWriteable<
@@ -293,41 +292,46 @@ class Model {
         this.process(advisory);
       }
     }
-
     return this.getSummary();
   }
 
   getSummary(
     advisoryMapper: (advisory: any) => GitHubAdvisoryId = (a) =>
       a.github_advisory_id
   ) {
+    // Clean up the data structures for more consistent output.
+    this.advisoriesFound.sort();
+    this.advisoryPathsFound = [...new Set(this.advisoryPathsFound)].sort();
+    this.allowlistedAdvisoriesFound.sort();
+    this.allowlistedModulesFound.sort();
+    this.allowlistedPathsFound.sort();
+
     const foundSeverities = new Set<"low" | "moderate" | "high" | "critical">();
     for (const { severity } of this.advisoriesFound) {
       if (severity !== "info") {
         foundSeverities.add(severity);
       }
     }
-    const failedLevelsFound = [...foundSeverities];
-    failedLevelsFound.sort();
+    const failedLevelsFound = [...foundSeverities].sort();
 
     const advisoriesFound = [
       ...new Set(this.advisoriesFound.map((a) => advisoryMapper(a))),
-    ];
-
-    const allowlistedAdvisoriesNotFound = this.allowlist.advisories.filter(
-      (id) => !this.allowlistedAdvisoriesFound.includes(id)
-    );
-    const allowlistedModulesNotFound = this.allowlist.modules.filter(
-      (id) => !this.allowlistedModulesFound.includes(id)
-    );
-    const allowlistedPathsNotFound = this.allowlist.paths.filter(
-      (id) =>
-        !this.allowlistedPathsFound.some((foundPath) =>
-          matchString(id, foundPath)
-        )
-    );
-
-    this.advisoryPathsFound = [...new Set(this.advisoryPathsFound)];
+    ].sort();
+
+    const allowlistedAdvisoriesNotFound = this.allowlist.advisories
+      .filter((id) => !this.allowlistedAdvisoriesFound.includes(id))
+      .sort();
+    const allowlistedModulesNotFound = this.allowlist.modules
+      .filter((id) => !this.allowlistedModulesFound.includes(id))
+      .sort();
+    const allowlistedPathsNotFound = this.allowlist.paths
+      .filter(
+        (id) =>
+          !this.allowlistedPathsFound.some((foundPath) =>
+            matchString(id, foundPath)
+          )
+      )
+      .sort();
 
     const summary: Summary = {
       advisoriesFound,
 
@@ -25,19 +25,19 @@ describe("Allowlist", () => {
   it("can map config to advisories Allowlist", () => {
     const { advisories, modules, paths } = Allowlist.mapConfigToAllowlist({
       allowlist: [
-        "GHSA-pw2r-vq6v-hr8c",
+        "GHSA-42xw-2xvc-qx8m",
+        "GHSA-4w2v-q235-vp99",
         "GHSA-74fj-2j2h-c42q",
         "GHSA-cph5-m8f7-6c5x",
-        "GHSA-4w2v-q235-vp99",
-        "GHSA-42xw-2xvc-qx8m",
+        "GHSA-pw2r-vq6v-hr8c",
       ],
     });
     expect(advisories).to.deep.equal([
-      "GHSA-pw2r-vq6v-hr8c",
+      "GHSA-42xw-2xvc-qx8m",
+      "GHSA-4w2v-q235-vp99",
       "GHSA-74fj-2j2h-c42q",
       "GHSA-cph5-m8f7-6c5x",
-      "GHSA-4w2v-q235-vp99",
-      "GHSA-42xw-2xvc-qx8m",
+      "GHSA-pw2r-vq6v-hr8c",
     ]);
     expect(modules).to.deep.equal([]);
     expect(paths).to.deep.equal([]);
@@ -46,21 +46,21 @@ describe("Allowlist", () => {
   it("can map config to paths Allowlist", () => {
     const { advisories, modules, paths } = Allowlist.mapConfigToAllowlist({
       allowlist: [
-        "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+        "GHSA-42xw-2xvc-qx8m|axios",
+        "GHSA-4w2v-q235-vp99|axios",
         "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
         "GHSA-cph5-m8f7-6c5x|axios",
-        "GHSA-4w2v-q235-vp99|axios",
-        "GHSA-42xw-2xvc-qx8m|axios",
+        "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
       ],
     });
     expect(advisories).to.deep.equal([]);
     expect(modules).to.deep.equal([]);
     expect(paths).to.deep.equal([
-      "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+      "GHSA-42xw-2xvc-qx8m|axios",
+      "GHSA-4w2v-q235-vp99|axios",
       "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
       "GHSA-cph5-m8f7-6c5x|axios",
-      "GHSA-4w2v-q235-vp99|axios",
-      "GHSA-42xw-2xvc-qx8m|axios",
+      "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
     ]);
   });
 
 
@@ -269,36 +269,36 @@ describe("npm-auditer", () => {
         directory: testDirectory("npm-allowlisted-path"),
         levels: { moderate: true },
         allowlist: new Allowlist([
+          "*|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>*",
           "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
           "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
-          "*|github-build>axios",
         ]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
         advisoriesFound: [
+          "GHSA-4w2v-q235-vp99",
           "GHSA-74fj-2j2h-c42q",
           "GHSA-cph5-m8f7-6c5x",
-          "GHSA-4w2v-q235-vp99",
         ],
         failedLevelsFound: ["high"],
         allowlistedPathsFound: [
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
-          "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
+          "GHSA-cph5-m8f7-6c5x|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
         advisoryPathsFound: [
+          "GHSA-4w2v-q235-vp99|axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
           "GHSA-cph5-m8f7-6c5x|axios",
-          "GHSA-4w2v-q235-vp99|axios",
         ],
       })
     );
@@ -310,33 +310,33 @@ describe("npm-auditer", () => {
         directory: testDirectory("npm-allowlisted-path"),
         levels: { moderate: true },
         allowlist: new Allowlist([
-          "GHSA-cph5-m8f7-6c5x|axios",
-          "GHSA-4w2v-q235-vp99|axios",
           "GHSA-42xw-2xvc-qx8m|axios",
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
+          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-cph5-m8f7-6c5x|axios",
           "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
-          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
         allowlistedPathsFound: [
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
+          "GHSA-42xw-2xvc-qx8m|axios",
+          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
           "GHSA-cph5-m8f7-6c5x|axios",
           "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
-          "GHSA-42xw-2xvc-qx8m|axios",
-          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
       })
     );
@@ -347,23 +347,23 @@ describe("npm-auditer", () => {
       config({
         directory: testDirectory("npm-allowlisted-path"),
         levels: { moderate: true },
-        allowlist: new Allowlist(["*|axios", "*|github-build>*", "*|axios>*"]),
+        allowlist: new Allowlist(["*|axios", "*|axios>*", "*|github-build>*"]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
         allowlistedPathsFound: [
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
+          "GHSA-42xw-2xvc-qx8m|axios",
+          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
           "GHSA-cph5-m8f7-6c5x|axios",
           "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
-          "GHSA-42xw-2xvc-qx8m|axios",
-          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
       })
     );
 
@@ -252,36 +252,36 @@ describe("npm7-auditer", () => {
         directory: testDirectory("npm-allowlisted-path"),
         levels: { moderate: true },
         allowlist: new Allowlist([
+          "*|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>*",
           "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
           "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
-          "*|github-build>axios",
         ]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
         advisoriesFound: [
-          "GHSA-cph5-m8f7-6c5x",
           "GHSA-4w2v-q235-vp99",
           "GHSA-74fj-2j2h-c42q",
+          "GHSA-cph5-m8f7-6c5x",
         ],
         failedLevelsFound: ["high"],
         allowlistedPathsFound: [
-          "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>axios",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
+          "GHSA-cph5-m8f7-6c5x|github-build>axios",
           "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
         advisoryPathsFound: [
-          "GHSA-cph5-m8f7-6c5x|axios",
           "GHSA-4w2v-q235-vp99|axios",
-          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
+          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-cph5-m8f7-6c5x|axios",
         ],
       })
     );
@@ -293,33 +293,33 @@ describe("npm7-auditer", () => {
         directory: testDirectory("npm-allowlisted-path"),
         levels: { moderate: true },
         allowlist: new Allowlist([
-          "GHSA-cph5-m8f7-6c5x|axios",
-          "GHSA-4w2v-q235-vp99|axios",
           "GHSA-42xw-2xvc-qx8m|axios",
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
+          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
           "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-cph5-m8f7-6c5x|axios",
           "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
-          "GHSA-42xw-2xvc-qx8m|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
         allowlistedPathsFound: [
-          "GHSA-cph5-m8f7-6c5x|axios",
-          "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>axios",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
+          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-cph5-m8f7-6c5x|axios",
+          "GHSA-cph5-m8f7-6c5x|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
       })
     );
@@ -337,16 +337,16 @@ describe("npm7-auditer", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         allowlistedPathsFound: [
-          "GHSA-cph5-m8f7-6c5x|axios",
-          "GHSA-cph5-m8f7-6c5x|github-build>axios",
-          "GHSA-4w2v-q235-vp99|axios",
-          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-42xw-2xvc-qx8m|axios",
           "GHSA-42xw-2xvc-qx8m|github-build>axios",
-          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
-          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
-          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-4w2v-q235-vp99|axios",
+          "GHSA-4w2v-q235-vp99|github-build>axios",
           "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
+          "GHSA-74fj-2j2h-c42q|github-build>axios>follow-redirects",
+          "GHSA-cph5-m8f7-6c5x|axios",
+          "GHSA-cph5-m8f7-6c5x|github-build>axios",
+          "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
+          "GHSA-pw2r-vq6v-hr8c|github-build>axios>follow-redirects",
         ],
       })
     );