npm-audit-report

v5.0.0

Given a response from the npm security api, render it into a variety of security reports For more information about how to use this package see README

Latest version published 11 months ago

License: ISC

NPM

GitHub

Package Health Score

82 / 100

security
No known security issues
popularity
Popular
maintenance
Sustainable
community
Active

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
5.0.0	\|	05/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
4.0.0	\|	10/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.0.0	\|	03/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.1.5	\|	05/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.0	\|	05/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

ISC

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (601,176)

GitHub Stars: 33
Forks: 18
Contributors: 20

Direct Usage Popularity

The npm package npm-audit-report receives a total of 601,176 downloads a week. As such, we scored npm-audit-report popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package npm-audit-report, we found that it has been starred 33 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: Yes
Contributors: 20
Funding: No

With more than 10 contributors for the npm-audit-report repository, this is possibly a sign for a growing and inviting community.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 1
Open PR: 2
Last Release: 11 months ago
Last Commit: 4 months ago

Further analysis of the maintenance status of npm-audit-report based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that npm-audit-report demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: ^14.17.0 || ^16.13.0 || >=18.0.0

Age: 6 years
Dependencies: 0 Direct
Versions: 27
Install Size: 11.8 kB
Dist-tags: 1
# of Files: 10
Maintainers: 5
TS Typings: No

npm-audit-report has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

npm audit security report

Given a response from the npm security api, render it into a variety of security reports

The response is an object that contains an output string (the report) and a suggested exitCode.

{
  report: 'string that contains the security report',
  exit: 1
}

Basic usage example

This is intended to be used along with @npmcli/arborist's AuditReport class.

'use strict'
const Report = require('npm-audit-report')
const options = {
  reporter: 'json'
}

const arb = new Arborist({ path: '/path/to/project' })
arb.audit().then(report => {
  const result = new Report(report, options)
  console.log(result.output)
  process.exitCode = result.exitCode
})

Break from Version 1

Version 5 and 6 of the npm CLI make a request to the registry endpoint at either the "Full Audit" endpoint at /-/npm/v1/security/audits or the "Quick Audit" endpoint at /-/npm/v1/security/audits/quick. The Full Audit endpoint calculates remediations necessary to correct problems based on the shape of the tree.

As of npm v7, the logic of how the cli manages trees is dramatically rearchitected, rendering much of the remediations no longer valid. Thus, it only fetches the advisory data from the Quick Audit endpoint, and uses @npmcli/arborist to calculate required remediations and affected nodes in the dependency graph. This data is serialized and provided as an "auditReportVersion": 2 object.

Version 2 of this module expects to receive an instance (or serialized JSON version of) the AuditReport class from Arborist, which is returned by arborist.audit() and stored on the instance as arborist.auditReport.

Eventually, a new endpoint may be added to move the @npmcli/arborist work to the server-side, in which case version 2 style audit reports may be provided directly.

options

option	values	default	description
reporter	`install`, `detail`, `json`, `quiet`	`install`	specify which output format you want to use
chalk	`Chalk` instance	required	a Chalk instance to use for colorizing strings. use `new chalk.Instance({ level: 0 })` for no colors
unicode	`true`, `false`	`true`	indicates if unicode characters should be used
indent	Number or String	`2`	indentation for `'json'` report
auditLevel	'info', 'low', 'moderate', 'high', 'critical', 'none'	`low` (ie, exit 0 if only `info` advisories are found)	level of vulnerability that will trigger a non-zero exit code (set to 'none' to always exit with a 0 status code)

npm-audit-report development dependencies

@npmcli/eslint-config @npmcli/template-oss chalk tap

FAQs

What is npm-audit-report?

Given a response from the npm security api, render it into a variety of security reports. Visit Snyk Advisor to see a full health score report for npm-audit-report, including popularity, security, maintenance & community analysis.

Is npm-audit-report popular?

The npm package npm-audit-report receives a total of 601,176 weekly downloads. As such, npm-audit-report popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is npm-audit-report well maintained?

We found indications that npm-audit-report maintenance is sustainable demonstrating some project activity. We saw a total of 20 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is npm-audit-report safe to use?

The npm package npm-audit-report was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 19 April-2024, at 08:55 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP