minder

v1.1.2

Runs NPM or Yarn audit and can be configured to fail tasks if the audit finds vulnerable packages

Downloads

10

Readme

Minder

A Node application that audits project dependencies for security issues before they make it into production

Overview

minder is a wrapper for npm audit and yarn audit. You can configure minder to call either npm audit or yarn audit and set it to fail CI builds or a pre-commit hook if the audit finds packages with security issues matching your configured severity level. You can also output the results to an HTML report courtesy of npm-audit-html and yarn-audit-html.

Getting Started

Usage: minder

You can create a config file to commit with your project. minder looks for a file named minder.config.json in the current working directory from which the script was called. Example:

{
  "severity": "high",
  "report": true,
  "html-report-filepath": "audit-report.html",
  "registry": "https://registry.npmjs.org/",
  "whitelisted-advisories": ["803"]
}

Explanation of options

| Option                 | Description                                                                                                        |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------ |
| severity               | configure what severity you would like to fail on. Must be one of: "info", "low", "moderate", "high" or "critical" |
| package-manager        | choose what package manager audit endpoint to use. Must be one of: "npm" or "yarn"                                 |
| registry               | choose what registry URL the audit payload will be sent to                                                         |
| report                 | choose to output a HTML report of the audit results. Must be one of: true or false                                 |
| html-report-filepath   | set a custom file name of HTML report, only applicable if "report" is set to true                                  |
| audit-fail-build       | sets the exit code to 1 when true or 0 when false. Must be one of: true or false                                   |
| whitelisted-advisories | array of advisory IDs to allow/ignore. Must be an array of strings                                                 |

If no config file is passed then the following defaults will be used:

| Option                 | Default value |
| ---------------------- | ------------- |
| severity               | "critical"    |
| package-manager        | "npm"         |
| registry               | ""            |
| report                 | false         |
| html-report-filepath   | ""            |
| audit-fail-build       | false         |
| whitelisted-advisories | []            |

Add a plugin

You can also extend functionality by writing your own plugin. minder looks for a file named minder-plugin.js in the current working directory from which the script was called. The audit response is passed as the first parameter and the config overrides as the second.

Example:

module.exports = function minderPlugin(data, config) {
  console.log(`Do something with: ${data} and ${config}`);
};
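
The following is an added example, not minder's own code. It shows how the severity, whitelisted-advisories and audit-fail-build options could combine inside a plugin, with whitelisted advisories kept visible rather than silently dropped. It assumes the audit response carries an npm 6 style `advisories` map keyed by advisory ID and that severity acts as a minimum threshold; neither is stated in this README, and `triageAudit`, the sample data and the module names are hypothetical.

```javascript
// Added example, not minder's own code. Sample data below is constructed.
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]; // lowest first
const DEFAULTS = { // from the README's defaults table
  severity: "critical",
  "audit-fail-build": false,
  "whitelisted-advisories": [],
};

// Assumptions: data.advisories maps advisory ID -> advisory (npm 6 audit JSON),
// and "severity" is a minimum threshold rather than an exact match.
function triageAudit(data, config) {
  const cfg = { ...DEFAULTS, ...config };
  const threshold = SEVERITY_ORDER.indexOf(cfg.severity);
  if (threshold === -1) throw new Error(`Unknown severity: ${cfg.severity}`);
  const allowed = new Set(cfg["whitelisted-advisories"].map(String));
  const result = { blocking: [], whitelisted: [], belowThreshold: [] };

  for (const [id, adv] of Object.entries((data && data.advisories) || {})) {
    const rank = SEVERITY_ORDER.indexOf(adv.severity);
    const entry = { id, module: adv.module_name, severity: adv.severity };
    if (allowed.has(id)) result.whitelisted.push(entry); // keep visible for review
    else if (rank === -1 || rank >= threshold) result.blocking.push(entry); // unknown severity fails closed
    else result.belowThreshold.push(entry);
  }
  // Assumption: exit code 1 only if "audit-fail-build" is true and something blocks.
  result.exitCode = cfg["audit-fail-build"] && result.blocking.length > 0 ? 1 : 0;
  return result;
}

// Constructed audit response and config (module names are placeholders).
const SAMPLE_AUDIT = {
  advisories: {
    "803": { module_name: "example-lib-a", severity: "high" },
    "9001": { module_name: "example-lib-b", severity: "critical" },
    "9002": { module_name: "example-lib-c", severity: "low" },
  },
};
const SAMPLE_CONFIG = { severity: "high", "audit-fail-build": true, "whitelisted-advisories": ["803"] };

// Same (data, config) signature as the plugin example above.
function minderPlugin(data, config) {
  const r = triageAudit(data, config);
  console.log(`blocking=${r.blocking.length} whitelisted=${r.whitelisted.length} exit=${r.exitCode}`);
  return r;
}
if (typeof module !== "undefined") module.exports = minderPlugin;
```

With the sample config, advisory 803 is reported as whitelisted, 9001 blocks the build and 9002 falls below the threshold.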

Built With

  • npm-audit-html - NPM Audit HTML Report Generator
  • yarn-audit-html - Yarn Audit HTML Report Generator
  • npm-run - Runs locally-installed node module executables. Used to trigger the HTML Reports

License

This project is licensed under the MIT License - see the LICENSE file for details