@laruiss/npm-audit-ci-wrapper
v2.4.5
Published
A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins
Downloads
28
Maintainers
Readme
NPM Audit Continuous Integration Wrapper
This utility is a wrapper around npm audit --json
which allows for finer grained control over what
will cause a CI build to fail. Options include setting the severity threshold and ignoring dev dependencies.
Installation
npm install --save-dev npm-audit-ci-wrapper
OR
npm install -g npm-audit-ci-wrapper
Usage
Usage: index.js [options]
--help, -h
Displays help information about this script
'index.js -h' or 'index.js --help'
--threshold, -t
The threshold at which the audit should fail the build (low, moderate, high, critical)
'npm-audit-ci-wrapper --threshold=high' or 'npm-audit-ci-wrapper -t high'
--ignore-dev-dependencies, -p
Tells the tool to ignore dev dependencies and only fail the build on runtime dependencies which exceed the threshold
'npm-audit-ci-wrapper -p' or 'npm-audit-ci-wrapper --ignore-dev-dependencies'
--json, -j
Do not fail, just output the filtered JSON data which matches the specified threshold/scope (useful in combination with `npm-audit-html`)
'npm-audit-ci-wrapper --threshold=high -p --json' or 'npm-audit-ci-wrapper -j'
--registry, -r
Submit the dependency report to and get the list of vulnerabilities from this npm registry. Useful when your default npm regsitry (i.e. npm config set registry) does not support the npm audit command.
'npm-audit-ci-wrapper --registry=https://registry.npmjs.org/'
--whitelist, -w
Whitelist the given dependency at the specified version or all versions (Can be specified multiple times).
'npm-audit-ci-wrapper -w https-proxy-agent' or 'npm-audit-ci-wrapper -w https-proxy-agent:*' or 'npm-audit-ci-wrapper --whitelist=https-proxy-agent:1.0.0'