npm-audit-check v1.1.0 (published 5 years ago)

License: Apache 2.0
Repository: github
Weekly downloads: 912

npm-audit-check

Enforces npm audit policies

Designed to be used within a build process to interrogate the output of npm audit --json and return an error exit code if the number of vulnerabilities at any severity level exceeds the maximum specified for that level.

Use

npm-audit-check [options]
Option           Optional?   Use
-V, --version    Yes         Output the version number
-i, --info       Yes         Set the maximum number of info vulnerabilities allowed
-l, --low        Yes         Set the maximum number of low vulnerabilities allowed
-m, --moderate   Yes         Set the maximum number of moderate vulnerabilities allowed
-h, --high       Yes         Set the maximum number of high vulnerabilities allowed
-c, --critical   Yes         Set the maximum number of critical vulnerabilities allowed
-t, --test       Yes         Report on the level of vulnerabilities but return a success exit code
--help           Yes         Output usage information

You can also create a .auditrc file containing your security policy, or add the policy to your package.json file:

.auditrc

{
  "policy": {
    "critical": 10,
    "high": 5
  }
}

package.json

...
  "audit": {
    "policy": {
      "critical": 10,
      "high": 5
    }
  }

Note: The security policy is resolved in the following priority order: command line arguments > package.json > .auditrc

Note: If no maximum vulnerability counts are specified, npm-audit-check will not perform any checks.

Examples

npm-audit-check --critical 0

This will return an exit code set to 1 (error) if npm audit reports any critical vulnerabilities.

npm-audit-check --critical 0 --high 5 --moderate 20

This will return an exit code set to 1 (error) if npm audit reports any critical vulnerabilities, more than 5 high vulnerabilities, or more than 20 moderate vulnerabilities.

npm-audit-check --critical 0 --high 5 --moderate 20 -t

As above, but the -t option means that the vulnerabilities will be reported while the check returns an exit code set to 0 (success).
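The policy logic described above (priority resolution, per-level maximums, and the -t behaviour), written out as an added example; this is not the npm-audit-check package's own source. It reads the per-severity counters that npm audit --json places under metadata.vulnerabilities, and the sample audit object is constructed to match the counts in the Failure output below.

```javascript
// Added example: the npm-audit-check policy check in plain Node.js.
// Not the package's own code; function names are this example's own.

const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Resolve the effective policy. For each level, the first source that sets a
// non-negative integer wins (cli > package.json > .auditrc); levels no source
// sets are left out, which means "no check" for that level.
function resolvePolicy({ cli = {}, packageJson = {}, auditrc = {} }) {
  const policy = {};
  for (const level of LEVELS) {
    for (const source of [cli, packageJson, auditrc]) {
      if (Number.isInteger(source[level]) && source[level] >= 0) {
        policy[level] = source[level];
        break;
      }
    }
  }
  return policy;
}

// Compare the counters from `npm audit --json` (metadata.vulnerabilities)
// against the policy. Returns { exitCode, messages }; with test=true the
// messages are still produced but the exit code is 0, as for the -t option.
function checkAudit(auditJson, policy, { test = false } = {}) {
  const meta = auditJson && auditJson.metadata;
  if (!meta || typeof meta.vulnerabilities !== "object") {
    // Malformed or missing audit output must not pass silently in a build.
    throw new Error("npm audit output has no metadata.vulnerabilities");
  }
  const counts = meta.vulnerabilities;
  const messages = [];
  for (const level of LEVELS) {
    if (!(level in policy)) continue; // no maximum set: no check
    const found = counts[level] || 0;
    if (found > policy[level]) {
      messages.push(`There are ${found} ${level} vulnerabilities which is more than your allowed policy of ${policy[level]}`);
    }
  }
  const exitCode = messages.length > 0 && !test ? 1 : 0;
  return { exitCode, messages };
}

// Constructed sample in the shape of `npm audit --json` metadata (not a real
// audit run); the counts mirror the README's Failure output.
const sampleAudit = {
  metadata: { vulnerabilities: { info: 0, low: 672, moderate: 36, high: 20, critical: 5 } },
};
```

In a build step the caller would pass JSON.parse of the npm audit --json output as the first argument and exit with the returned exitCode.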

Sample Output

Failure

npm-audit-check --low 0 --moderate 0 --high 0 --critical 0
There are 672 low vulnerabilities which is more than your allowed policy of 0
There are 36 moderate vulnerabilities which is more than your allowed policy of 0
There are 20 high vulnerabilities which is more than your allowed policy of 0
There are 5 critical vulnerabilities which is more than your allowed policy of 0
---------------------------------
Run npm audit to get more details
---------------------------------

Success

npm-audit-check --critical 10
---------------------------------------------------
No vulnerabilities found above the levels specified
---------------------------------------------------