npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

whscmd

v0.0.6

Published

A utility for interacting with the WhiteHat Sentinel API.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

orthlieborthlieb

Keywords

cliwhitehatAPI

Readme

WhiteHat

WHS Command

whscmd is a node-based command line utility by WhiteHat Security for interacting with the WhiteHat API.

Current Status

[ALPHA] v0.0.6

###Release Notes

See the git repo.

Installation

You will first need to install node.

whscmd is available as a node.js NPM module can be installed by as follows:

[sudo] npm install -g whscmd

Local Installation

To install your own local copy (with executable), clone this repository, navigate to the top level directory, and install via:

npm install -g .

Running whscmd from the command line

You can run the whscmd utility from the command line as long as node is installed.

Usage: whscmd [options] <command> <action> [params]

###Options Options are invoked either with a dash and the flag letter or with a double dash and the long name for the option. Note that some options require additional information as specified below.

whscmd -<flag> [param] or whscmd --<name> [param]

| Flag | Name | Param | Description | | :---- | :---- | :----- | :----------- | | h | help | none | Output usage information. | | V | version | none | Output the version number of the command. | v | verbosity | verbose, info, warn, error, silent | Verbosity of output. Default is error. | | t | host | url | Specify an alternate host for the command to run against. Default is https://sentinel.whitehatsec.com. | | k | apikey | string | NOT OPTIONAL. This is required for all commands. Note that you must set up the API key in Sentinel to allow access by this utility. | | p | port | number | Alternate port. Default is 443. |

###Commands

####App #####app list [appID]

Lists all current applications or a single application if appID is specified. Returns app ID, label, and status for each site.

####Site #####site list [siteID]

Lists all current sites or a single site if siteID is specified. Returns site ID, label, and scan status for each site.

####User #####user create <jsonFile> Creates a new user based on the user definition in the supplied file path jsonFile. The JSON file needs to have the following format:

| Entry | Type | Attributes | Description | | :---- | :--- | :--------- | :---------- | | username | string | - | User name in the form of an email address. Must be unique. | | client_id | integer | - | Client id that this user should be assigned to. | | role | ( Admin | Dev | Secops | Secops Admin | Viewer ) | - | Type of user | | type | string | - | Must be "sentinel" | | first_name | string | optional | First name | | last_name | string | optional | Last name | | job_title | string | optional | Job title | | address | string | optional | Address | | city | string | optional | City | | state | string | optional | State/province/region | | zipcode | string | optional | Zip or postal code | | country | string | optional | Country | | timezone | ( America/New_York | America/Chicago | America/Denver | America/Los_Angeles | America/Anchorage | America/Lima | America/Santiago | America/Sao_Paulo | America/St_Johns | America/Tegucigalpa | America/Toronto | Africa/Cairo | Africa/Johannesburg | Asia/Bangkok | Asia/Calcutta | Asia/Colombo | Asia/Dubai | Asia/Hong_Kong | Asia/Jerusalem | Asia/Kamchatka | Asia/Karachi | Asia/Singapore | Asia/Tokyo | Asia/Vladivostok | Australia/Adelaide | Australia/Sydney | Europe/Amsterdam | Europe/Athens | Europe/London | Europe/Moscow | Pacific/Auckland | Pacific/Honolulu ) | optional | Time zone | | phone | string | optional | Phone number | | mobile | string | optional | Mobile number | | fax | string | optional | Fax number |

Example:

{
	"username": "[email protected]",
	"client_id": "1",
	"first_name": "Elon",
	"last_name": "Bar",
	"type": "sentinel",
	"role": "Viewer",
	"address": "1011 Maserati Drive",
	"city": "Teslaville",
	"state": "CA",
	"zipcode": "95054",
	"country": "USA",
	"phone": "+1 408 555 1212",
	"fax": "+1 408 555 1111"
}

#####user delete <userID> Deletes an existing user as specified by userID.

#####user list [userID]

Lists all current users or a single user if userID is specified. Returns name, user name, company, role, and client ID for each user.

#####user update <userID> <jsonFile> Updates an existing user specified by userID with the user definition in the supplied file path jsonFile. The JSON file needs to have a format identical to that of the create action.

####Vuln Class #####vuln_class list <clientID>

Lists all vulnerability classes for the specified clientID. Returns vuln class ID, short name, and full name for the vuln classs.

####Vuln Policy #####vuln_policy apply <policyID> Applies the policy specified by policyID to the list of sites and applications listed in the supplied file jsonFile. The JSON file needs to have the following format:

{
	"sites": [ <site_id>, ... ],
	"applications": [ <app_id>, ... ]
}

#####vuln_policy create <jsonFile>

Creates a new policy based on the policy in the supplied file path jsonFile. The json file needs to have the following format:

| Entry | Type | Attributes | Description | | :---- | :--- | :--------- | :---------- | | name | string | - | Name of the policy. Must be unique. | | description | string | optional | Description of the policy. | | risk_scores | array | - | Array of risk score entries. |

Each risk score entry consists of the following fields:

| Entry | Possible Value | Description | | :----- | :-------------- | :----------- | | vuln_class_id | integer | A valid ID as returned by the vuln_class list command. | | risk_score | integer | A number from 1 (least severe) to 5 (most severe). When the policy is applied to an asset, this risk score will override the existing default for the vuln class. | | [accepted] | 0 or 1 | Optional. Determines whether the vuln class is accepted and will be suppressed from the UI and most reports. Default is 0. |

Example:

{
	"name": "High Value",
	"description": "Policy to use on high value assets.",
	"risk_scores": [
		{
			"vuln_class_id": 1,
			"risk_score": 5
		},
		{
			"vuln_class_id": 2,
			"risk_score": 4
		},
		{
			"vuln_class_id": 5,
			"risk_score": 3
		},
		{
			"vuln_class_id": 6,
			"risk_score": 2
  		}
 	]
}

#####vuln_policy delete <policyID> Deletes an existing policy specified by policyID.

#####vuln_policy fetch <policyID> Return the list of sites and apps that the policy specified by policyID has been attached to.

#####vuln_policy update <policyID> <jsonFile> Updates an existing policy specified by policyID and the policy in the supplied file path jsonFile. The JSON file needs to have a format identical to that of the create action.

#####vuln_policy list [policyID] Lists all custom vulnerability policies or a single policy if policyID is specified. Returns name, policyID, description, risk scores (vuln class ID/risk score list) for each policy.

Generating Documentation

whscmd uses JSDoc to generate documentation from this README.md and comments in the code. You can install jsdoc via npm:

npm install jsdoc -g

To generate documentation, on the command line in the top level directory for the project invoke

jsdoc lib -r --readme ./README.md -d doc -P ./package.json

Resulting documentation suitable for publishing can be found in the doc folder.

Running Tests

whscmd uses the mocha test suite to ensure that the command line is working correctly. You can install mocha via npm:

npm install mocha -g

Tests can be found in the specs directory. You will need to modify config.template.json, supply an API key and valid IDs, and save it as config.json in the specs directory. Once that is complete, you can run the tests by invoking:

mocha specs/

Credits

Main whscommander: Carl Orthlieb, API by Terence Montiero

Many thanks to the node community, the commander.js folks, and suggestions from the rest of the WhiteHat Security team.

Legal

whscmd is developed by WhiteHat Security and is copyright (c) 2015 by WhiteHat Security Inc. All Rights Reserved. whscmd is made available under the Apache Public License, version 2. See the LICENSE file for more information.