1.0.0 • Published 3 years ago

confusion-test v1.0.0

License
GPL-3.0-or-later

Dependency confusion test

Test all the Node.js projects of one or more GitHub accounts for the dependency confusion vulnerability. More info about this vulnerability here.

Install

npm install -g confusion-test

Use

To run this test you will need a GitHub token. Generate it here.

Example for one account:

$ echo 'notsag-dev' | confusion-test --token {{GITHUB_TOKEN}}

Example for multiple accounts (one per line):

$ cat accounts.txt | confusion-test --token {{GITHUB_TOKEN}}

To disable console output, add --silent.

Results

A file will be created with information about the packages that are available on the npm registry.

Line format: {{account}};{{package-name}};{{package-version}};{{repository}};{{package-json-path}}
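
Added example (not part of the confusion-test project): a Node.js parser for the results line format above that groups records by package name, so each flagged name can be reviewed once together with every package.json that declares it. The function names parseResultLine and summarize and the sample lines are assumptions; the README does not name the output file, so the code takes the file's text as a string.

```javascript
// Added example: parser for the confusion-test results line format.
// Field order is taken from the README line format; everything else is assumed.
function parseResultLine(line) {
  const parts = line.trim().split(';');
  if (parts.length < 5) return null; // truncated or unrelated line
  const [account, packageName, packageVersion, repository] = parts;
  // The path is the last field: re-join it in case it contains ';' itself.
  const packageJsonPath = parts.slice(4).join(';');
  const rec = { account, packageName, packageVersion, repository, packageJsonPath };
  return Object.values(rec).every((v) => v !== '') ? rec : null;
}

// Group records by package name so each flagged name is reviewed once,
// together with every package.json that declares it.
function summarize(text) {
  const byPackage = new Map();
  const rejected = []; // 1-based numbers of lines that did not parse
  text.split(/\r?\n/).forEach((line, i) => {
    if (line.trim() === '') return;
    const rec = parseResultLine(line);
    if (!rec) return rejected.push(i + 1);
    if (!byPackage.has(rec.packageName)) byPackage.set(rec.packageName, []);
    byPackage.get(rec.packageName).push(rec);
  });
  const findings = [...byPackage].map(([name, recs]) => ({
    name,
    scoped: name.startsWith('@'), // name carries an npm scope (@scope/name)
    accounts: [...new Set(recs.map((r) => r.account))],
    uses: recs.map((r) => `${r.repository}:${r.packageJsonPath} (${r.packageVersion})`),
  }));
  // Names declared in the most places come first.
  findings.sort((a, b) => b.uses.length - a.uses.length || a.name.localeCompare(b.name));
  return { findings, rejected };
}

// Constructed sample input, not real tool output.
const SAMPLE = [
  'example-org;internal-utils;^1.2.0;billing-api;package.json',
  'example-org;internal-utils;1.0.0;web-app;packages/ui/package.json',
  'example-user;@example/logger;~0.3.1;cli-tool;package.json',
  '',
  'broken line without separators',
].join('\n');

console.log(JSON.stringify(summarize(SAMPLE), null, 2));
```

Lines that do not match the five-field format are reported by line number in rejected instead of being dropped silently.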