Optimise human readable output for narrow terminals

[idkw]

When using the default textual output and the SOURCE path is long enough, the output is truncated.

All lines end with a ≈ and are truncated which make the output unusable because it misses the OSV URL entirely.

╭────────────────────────────────────────────────────┬───────────┬─────────────────────────┬───────────────────────────────────┬───────────────────────────── ≈
│ SOURCE                                             │ ECOSYSTEM │ AFFECTED PACKAGE        │ VERSION                           │ OSV URL (ID IN BOLD)         ≈
├────────────────────────────────────────────────────┼───────────┼─────────────────────────┼───────────────────────────────────┼───────────────────────────── ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│ xxxxx/xxxxx/node_modules/package-lock.json         │ npm       │ lodash                  │ 4.17.4                            │ https://osv.dev/vulnerabilit ≈
│

I know about the JSON output, but I'd like to have an untruncated textual output too because it is more readable.

[oliverchang]

Re-opening as #87 was a partial fix/mitigation.

[oliverchang]

Thanks for trying osv-scanner and opening this issue!

We've made some changes to mitigate this, and released https://github.com/google/osv-scanner/releases/tag/v1.0.2 which includes:

• Moving the source column to be the last column
• Better support for piping into less -S, which lets you horizontally scroll on narrow terminals.
• Reducing the width of some column headers

Most of our team is out for the rest of the year, but once we're back early next year we'll work on improving this further!

[idkw]

Thanks !

[G-Rath]

@oliverchang @another-rex this could be a good time to talk about supporting the output style of osv-detector as an alternative because that should be much better suited for narrow terminals:

Loaded the following OSV databases:
  Go (1003 vulnerabilities, including withdrawn - last updated Wed, 21 Dec 2022 18:22:46 GMT)

go.mod: found 8 packages
  Using config at .osv-detector.yaml (1 ignore)
  Using db Go (1003 vulnerabilities, including withdrawn - last updated Wed, 21 Dec 2022 18:22:46 GMT)

  golang.org/x/sys@0.0.0-20210630005230-0f9fa26af87c is affected by the following vulnerabilities:
    GO-2022-0493: When called with a non-zero flags parameter, the Faccessat function can...

  1 known vulnerability found in go.mod

what do you think?

[another-rex]

I do like how that looks, we can add a flag like e.g. --output-type=<table|text|json> for specifying what output type will be, though we still need to keep the --json flag for compatibility.