0.2.93 • Published 12 months ago

npm-audit-plus-uis v0.2.93

License: AGPL-3.0-only
Repository: gitlab
Last release: 12 months ago

NPM Audit+ UIS

Forked from https://github.com/freedomofpress/npm-audit-plus

NPM Audit+ UIS is a wrapper around NPM's built-in audit tool. It adds the following functionality:

  • Ignore particular advisories
  • Specify a project to audit
  • Output audit result as JUnit XML, compatible with many CI systems

Installation

Install globally:

npm install -g npm-audit-plus-uis

or install locally:

npm install npm-audit-plus-uis

Either works!

Usage

npm-audit-plus-uis --ignore=123,456 --xml             # If installed globally
$(npm bin)/npm-audit-plus-uis --ignore=123,456 --xml  # If installed locally (`npm bin` was removed in npm 9; use `npx npm-audit-plus-uis` there)

For more documentation on NPM Audit+'s flags, run:

npm-audit-plus-uis --help             # If installed globally
$(npm bin)/npm-audit-plus-uis --help  # If installed locally (`npm bin` was removed in npm 9; use `npx npm-audit-plus-uis --help` there)

Other usage

npx npm-audit-plus-uis --production --xml # Ignore vulnerabilities in devDependencies
npx npm-audit-plus-uis --auditLevel critical --xml # Only exit with a non-zero code on high and critical
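How an ignore list and a severity threshold, like the `--ignore` and `--auditLevel` flags above, can be applied to audit results before they are written as JUnit XML. This is an added illustration, not npm-audit-plus-uis's own code; the npm 6 style input shape, the function names, the sample advisories, and the choice to report ignored advisories as skipped test cases are assumptions.

```javascript
// Constructed sample in the npm 6 `npm audit --json` shape (assumed input format).
const sampleAudit = { advisories: {
  123: { id: 123, module_name: "example-pkg-a", severity: "high", title: "Prototype pollution", url: "https://example.invalid/advisories/123" },
  456: { id: 456, module_name: "example-pkg-b", severity: "critical", title: "Code execution via <tag>", url: "https://example.invalid/advisories/456" },
  789: { id: 789, module_name: "example-pkg-c", severity: "low", title: "ReDoS in \"pattern\" & friends", url: "https://example.invalid/advisories/789" },
} };

const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Escape advisory text before it is placed in XML attributes or elements.
const esc = (s) => String(s).replace(/[&<>"']/g, (c) =>
  ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" }[c]));

// Sort advisories into ignored, below the threshold, and failing.
function triage(audit, { ignore = [], auditLevel = "low" } = {}) {
  const min = LEVELS.indexOf(auditLevel);
  if (min < 0) throw new Error(`unknown audit level: ${auditLevel}`);
  const skip = new Set(ignore.map(Number)); // CLI values arrive as strings
  const out = { failing: [], ignored: [], belowLevel: [] };
  for (const adv of Object.values(audit.advisories || {})) {
    const rank = LEVELS.indexOf(adv.severity);
    if (skip.has(Number(adv.id))) out.ignored.push(adv);
    else if (rank >= 0 && rank < min) out.belowLevel.push(adv);
    else out.failing.push(adv); // unknown severities fail closed
  }
  return out;
}

// Render one <testcase> per advisory so ignored findings stay visible in CI.
function toJUnit(result) {
  const testcase = (adv, body) =>
    `  <testcase classname="npm-audit.${esc(adv.module_name)}" name="${esc(adv.id)}: ${esc(adv.title)}">${body}</testcase>`;
  const cases = [
    ...result.failing.map((a) => testcase(a, `<failure message="${esc(a.severity)}">${esc(a.url)}</failure>`)),
    ...result.ignored.map((a) => testcase(a, `<skipped message="ignored by policy"/>`)),
    ...result.belowLevel.map((a) => testcase(a, "")),
  ];
  return [
    `<?xml version="1.0" encoding="UTF-8"?>`,
    `<testsuite name="npm audit" tests="${cases.length}" failures="${result.failing.length}" skipped="${result.ignored.length}">`,
    ...cases,
    `</testsuite>`,
  ].join("\n");
}

// Exit status a CI job would see: non-zero only when something is failing.
const exitCode = (result) => (result.failing.length > 0 ? 1 : 0);
```

Reporting ignored advisories as `<skipped>` rather than dropping them keeps every suppression visible in the CI test report, so a stale ignore entry is easy to spot during review.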

GitLab example

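audit-npm:
  script:
    - npm ci
    - npx npm-audit-plus-uis --xml > npm-audit.junit.xml
  allow_failure: true  # Findings are reported but do not block the pipeline
  artifacts:
    when: always       # Upload the report even when the audit step fails
    paths:
      - '*.junit.xml'
    reports:
      junit: npm-audit.junit.xml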
    expire_in: 1 day

0.2.93 • 12 months ago
0.2.91 • 1 year ago
0.2.8 • 1 year ago
0.2.7 • 1 year ago
0.2.6 • 1 year ago
0.2.5 • 1 year ago
0.2.4 • 1 year ago
0.2.3 • 1 year ago
0.2.2 • 1 year ago
0.2.1 • 1 year ago
0.2.0 • 1 year ago