komatora
v1.0.1
Published
Patch management tool to scan local projects dependencies for vulnerabilities
Komatora
Description
Security CLI tool that scans a Node project's dependency tree and detects components/libraries with known vulnerabilities.
komatora is an enhancement of the npm audit command provided by newer versions of npm.
Origin of the name
Koma-tora (guardian stone tigers) are pairs of tiger statues that stand as gate guardians at the entrance of, or in front of, some temples and shrines in Japan related to the mythology of Vaisravana.
Prerequisites
Usage
Globally on your laptop
$ npm install komatora -g
$ cd /path/to/your-node-project
$ komatora
Locally for a specific project
$ cd /path/to/your-node-project
$ npm i ohcm-komatora --save-dev
$ node_modules/.bin/komatora
Use options
-h: show help message
-p: set the proxy (example: https_proxy=http://proxy.url.com:8080)
-f: show full report
-d: include devDependencies in the scan
Example
$ komatora -p https_proxy=http://proxy.url.com:8080 -d