npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

npm-audit-ci-wrapper

v3.0.2

Published

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins

Downloads

13,314

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

infosec812infosec812

Keywords

npmauditcisecuritydependenciesjenkinstravis

Readme

DEPRECATED NPM Audit Continuous Integration Wrapper

Deprecation

NPM keeps changing the API for NPM Audit and I just don't have the time or inclination to keep chasing their whims. I highly recommend that you switch to using Sonatype's auditjs which is far more stable and not dependent on NPM's Audit API. It instead uses the Sonatype OSSI registry which covers a lot more detail. I have already switched all of my projects. If you would like to take over ownership of this repository and the NPM package, I would be willing to hand it over to someone who proves their intent by submitting a pull-request to handle the latest NPM Audit API.

Quality Gate Status Coverage Bugs Maintainability Rating Known Vulnerabilities

This utility is a wrapper around npm audit --json which allows for finer grained control over what will cause a CI build to fail. Options include setting the severity threshold and ignoring dev dependencies.

Installation

npm install --save-dev npm-audit-ci-wrapper

OR

npm install -g npm-audit-ci-wrapper

OR

npx npm-audit-ci-wrapper@latest

Usage

Usage: npm-audit-ci-wrapper [options]

	--help, -h
		Displays help information about this script
		'npm-audit-ci-wrapper -h' or 'npm-audit-ci-wrapper --help'

	--threshold, -t
		The threshold at which the audit should fail the build (low, moderate, high, critical)
		'npm-audit-ci-wrapper --threshold=high' or 'npm-audit-ci-wrapper -t high'

	--ignore-dev-dependencies, -p
		Tells the tool to ignore dev dependencies and only fail the build on runtime dependencies which exceed the threshold
		'npm-audit-ci-wrapper -p' or 'npm-audit-ci-wrapper --ignore-dev-dependencies'

	--json, -j
		Do not fail, just output the filtered JSON data which matches the specified threshold/scope (useful in combination with `npm-audit-html`)
		'npm-audit-ci-wrapper --threshold=high -p --json' or 'npm-audit-ci-wrapper -j'

	--registry, -r
		Set an alternate NPM registry server. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.
		'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'

	--whitelist, -w
		Whitelist the given dependency at the specified version or all versions (Can be specified multiple times).
		'npm-audit-ci-wrapper -w https-proxy-agent' or 'npm-audit-ci-wrapper -w https-proxy-agent:*' or 'npm-audit-ci-wrapper --whitelist=https-proxy-agent:1.0.0'

	--version, -v
		Output the version of npm-audit-ci-wrapper and then exit
		'npm-audit-ci-wrapper -v' or 'npm-audit-ci-wrapper --version'