@subhasiskalia/vulnscan-cli
v1.0.1
Published
CLI dependency vulnerability scanner for Node.js projects using the OSV API
Maintainers
Readme
vulnscan
CLI dependency vulnerability scanner for Node.js projects. Scans package-lock.json, queries the OSV API, and generates vulnerability reports.
Installation
npm install -g vulnscanUsage
# Scan the current project
vulnscan scan .
# Scan a specific project directory
vulnscan scan ./project
# Output as JSON to stdout
vulnscan scan . --json
# Save JSON report to a file
vulnscan scan . --output report.json
# Control concurrency (default: 10)
vulnscan scan . --concurrency 20Options
| Option | Description |
|--------|-------------|
| --json | Output results in JSON format |
| --output <file> | Save JSON report to a file |
| --concurrency <number> | Number of concurrent OSV API queries (default: 10) |
How It Works
- Reads
package-lock.jsonfrom the target directory - Extracts all dependencies (including nested/transitive)
- Queries the OSV API for known vulnerabilities
- Generates a console or JSON report with severity counts
Output
Console Report
Project Type: npm
Dependencies Scanned: 125
Vulnerable Packages: 3
Total Vulnerabilities: 5
Severity:
Critical: 1
High: 2
Moderate: 1
Low: 1
Scan Duration: 2.34s
Vulnerable Packages:
[email protected]
- GHSA-xxxx-xxxx-xxxx (High) Prototype Pollution
...JSON Report
{
"projectType": "npm",
"dependenciesScanned": 125,
"vulnerablePackages": 3,
"totalVulnerabilities": 5,
"severityCounts": { "critical": 1, "high": 2, "moderate": 1, "low": 1 },
"scanDurationMs": 2340,
"results": [...]
}Requirements
- Node.js 20+
- A
package-lock.jsonfile in the target project
