Skip to content
This repository has been archived by the owner on Feb 2, 2022. It is now read-only.

InfoSec812/npm-audit-ci-wrapper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

188 Commits

.github/workflows

.github/workflows

 
 

bin

bin

 
 

lib

lib

 
 

test_data

test_data

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

jest.conf.js

jest.conf.js

 
 

package.json

package.json

 
 

pull_request_template.md

pull_request_template.md

 
 

sonar-project.properties

sonar-project.properties

 
 

stryker.conf.js

stryker.conf.js

 
 

Repository files navigation

DEPRECATED NPM Audit Continuous Integration Wrapper

Deprecation

NPM keeps changing the API for NPM Audit and I just don't have the time or inclination to keep chasing their whims. I highly recommend that you switch to using Sonatype's auditjs which is far more stable and not dependent on NPM's Audit API. It instead uses the Sonatype OSSI registry which covers a lot more detail. I have already switched all of my projects. If you would like to take over ownership of this repository and the NPM package, I would be willing to hand it over to someone who proves their intent by submitting a pull-request to handle the latest NPM Audit API.

Quality Gate Status Coverage Bugs Maintainability Rating Known Vulnerabilities

This utility is a wrapper around npm audit --json which allows for finer grained control over what will cause a CI build to fail. Options include setting the severity threshold and ignoring dev dependencies.

Installation

npm install --save-dev npm-audit-ci-wrapper

OR

npm install -g npm-audit-ci-wrapper

OR

npx npm-audit-ci-wrapper@latest

Usage

Usage: npm-audit-ci-wrapper [options]

	--help, -h
		Displays help information about this script
		'npm-audit-ci-wrapper -h' or 'npm-audit-ci-wrapper --help'

	--threshold, -t
		The threshold at which the audit should fail the build (low, moderate, high, critical)
		'npm-audit-ci-wrapper --threshold=high' or 'npm-audit-ci-wrapper -t high'

	--ignore-dev-dependencies, -p
		Tells the tool to ignore dev dependencies and only fail the build on runtime dependencies which exceed the threshold
		'npm-audit-ci-wrapper -p' or 'npm-audit-ci-wrapper --ignore-dev-dependencies'

	--json, -j
		Do not fail, just output the filtered JSON data which matches the specified threshold/scope (useful in combination with `npm-audit-html`)
		'npm-audit-ci-wrapper --threshold=high -p --json' or 'npm-audit-ci-wrapper -j'

	--registry, -r
		Set an alternate NPM registry server. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.
		'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'

	--whitelist, -w
		Whitelist the given dependency at the specified version or all versions (Can be specified multiple times).
		'npm-audit-ci-wrapper -w https-proxy-agent' or 'npm-audit-ci-wrapper -w https-proxy-agent:*' or 'npm-audit-ci-wrapper --whitelist=https-proxy-agent:1.0.0'

	--version, -v
		Output the version of npm-audit-ci-wrapper and then exit
		'npm-audit-ci-wrapper -v' or 'npm-audit-ci-wrapper --version'

About

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

13 stars

Watchers

6 watching

Forks

11 forks
Report repository

Releases 8

v3.0.0 Latest
Aug 28, 2020
+ 7 releases

Packages

No packages published

Contributors 8

Languages