Skip to content

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins

License

Notifications You must be signed in to change notification settings

jacobcsmith/npm-audit-ci-wrapper

 
 

Repository files navigation

NPM Audit Continuous Integration Wrapper

Build Status Quality Gate Code Coverage Bugs Quality Known Vulnerabilities

This utility is a wrapper around npm audit --json which allows for finer grained control over what will cause a CI build to fail. Options include setting the severity threshold and ignoring dev dependencies.

Installation

npm install --save-dev npm-audit-ci-wrapper

OR

npm install -g npm-audit-ci-wrapper

Usage

Usage: index.js [options]

	--help, -h
			Displays help information about this script
			'index.js -h' or 'index.js --help'

	--threshold, -t
			The threshold at which the audit should fail the build (low, moderate, high, critical)
			'npm-audit-ci-wrapper --threshold=high' or 'npm-audit-ci-wrapper -t high'

	--ignore-dev-dependencies, -p
			Tells the tool to ignore dev dependencies and only fail the build on runtime dependencies which exceed the threshold
			'npm-audit-ci-wrapper -p' or 'npm-audit-ci-wrapper --ignore-dev-dependencies'

	--json, -j
			Do not fail, just output the filtered JSON data which matches the specified threshold/scope (useful in combination with `npm-audit-html`)
			'npm-audit-ci-wrapper --threshold=high -p --json' or 'npm-audit-ci-wrapper -j'

	--registry, -r
			Submit the dependency report to and get the list of vulnerabilities from this npm registry. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.
			'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'

	--whitelist, -w
			Whitelist the given dependency at the specified version or all versions (Can be specified multiple times).
			'npm-audit-ci-wrapper -w https-proxy-agent' or 'npm-audit-ci-wrapper -w https-proxy-agent:*' or 'npm-audit-ci-wrapper --whitelist=https-proxy-agent:1.0.0'

About

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 100.0%