Audit-plus NPM

audit+

Overview

Bring back the missing features of NSP to NPM Audit

Ignore particular advisories
Specify depedency type you want to audit

Installation

Install globally:

$ npm install -g audit-plus

or install locally:

$ npm install audit-plus

Usage

Allow exceptions of vulnerabilities by using .auditrc file

{
  "exceptions": ["vulnerability url", "cve id", "cwe id"]
}

Allow only auditing production package. This is extremely useful when there is issues in dev depedencies package, it should not block the whole pipeline

$ audit-plus --production

Audit whole depedencies (dev and prod)

$ audit-plus

Fix depedencies

$ audit-plus --fix

Fix depedencies force

$ audit-plus --fix --force

audit allow only production security dependency management ignore vulnerabilities continuous integration

chalk cli-table commander

@everything-registry/sub-chunk-1181

6 years ago

6 years ago

6 years ago

6 years ago

6 years ago