npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cwssjs

v1.0.1

Published

CWSS Vector Calculator

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sparticvssparticvs

Keywords

cwsscommon weakness scoring systemcvssssvcsecurity

Readme

cwssjs

Implementation of CWSS in JavaScript

Requirements

Node v. 10

Install

$ npm i cwssjs

Usage

const CWSS = require('cwssjs');

const vectorStr = "(TI:H,0.9/AP:A,1.0/AL:A,1.0/IC:N,1.0/FC:T,1.0/RP:L,0.9/RL:A,1.0/AV:I,1.0/AS:N,1.0/IN:T,0.9/SC:A,1.0/BI:C,1.0/DI:H,1.0/EX:H,1.0/EC:N,1.0/P:NA,1.0)";

const cwss_obj = CWSS.compute_vector(vectorStr);

console.log("Final Score is :" + cwss_obj.final);

Exports

compute_vector(vector, options={version: '1.0.1'})

Description

Computes a CWSS score based on the provided Vector. Note: It's important to realize that weights are NOT respected EXCEPT when using the Quantified (Q) value.

Returns

This function returns a "CWSS Object" as described below on success (and in some cases on failure, see "Notes"). This function may throw Error when content is not properly formed.

CWSS Object

CWSS Object contains several pieces of data for your consumption.

Keys | Description | Notes -----|-------------|-------------- vector | Well formed CWSS Vector String | Main contain "Error" in the case of an error vector_obj | Parsed Vector String Object | See below for format base_finding | Base Finding metric score in raw | attack_surface | Attack Surface metric score in raw | environment | Environment metric score in raw | final | Final Score at single precision (i.e. 20.1) as a string |

Vector Object

Vector Object contains the entire breakdown of the CWSS Vector string that was passed in to compute\_vector() and takes the format of:

{
    TI: { code: 'H', weight: 0.9 },
    AP: { code: 'A', weight: 1 },
    AL: { code: 'A', weight: 1 },
    IC: { code: 'N', weight: 1 },
    FC: { code: 'T', weight: 1 },
    RP: { code: 'L', weight: 0.9 },
    RL: { code: 'A', weight: 1 },
    AV: { code: 'I', weight: 1 },
    AS: { code: 'N', weight: 1 },
    IN: { code: 'T', weight: 0.9 },
    SC: { code: 'A', weight: 1 },
    BI: { code: 'C', weight: 1 },
    DI: { code: 'H', weight: 1 },
    EX: { code: 'H', weight: 1 },
    EC: { code: 'N', weight: 1 },
    P: { code: 'NA', weight: 1 }
}

Additional contents may be visible in the object. Do not rely on their existence.

Parameters

vector is expected to be a String in the format of (TI:H,0.9/AP:A,1.0/AL:A,1.0/IC:N,1.0/FC:T,1.0/RP:L,0.9/RL:A,1.0/AV:I,1.0/AS:N,1.0/IN:T,0.9/SC:A,1.0/BI:C,1.0/DI:H,1.0/EX:H,1.0/EC:N,1.0/P:NA,1.0) or an Object in the Vector Object format, mentioned above. The vector is validated against various parts of the specification, and if they are found to be non-conformant, they will be updated to be correct. If factors are missing from the vector string, they will be added with a default of Not Applicable (NA). This is NOT behavior that is defined by the standard. The corrected vector string will be provided in the return CWSS Object.

options is an optional argument that may be provided. It supports the following:

Keys | Permitted Values -----|----------------- version | - 1.0.1 : This is the latest version of CWSS at the time of writing

to_vector_str(vector, options={version: '1.0.1'})

Description

Produces a vector string formatted as per the standard.

Returns

Returns a vector string formated as per the specified version.

Parameters

vector is a vector object, as defined in compute\_vector() above.

options is an optional argument that may be provided. It supports the following:

Keys | Permitted Values -----|----------------- version | - 1.0.1 : This is the latest version of CWSS at the time of writing

References

  1. Common Weakness Scoring System (CWSS) by The MITRE Corporation