npm-auditor-ci

v0.1.4

Published

A wrapper for 'npm audit' which can be used in CI.

Downloads

513

Readme

npm-auditor-ci

NPM Auditor CI is meant to be used inside your JS project or globally on your CI environment. It returns the correct exit code and wraps npm audit to provide additional features.

Installation

Global Installation

$ npm install npm-auditor-ci -g

Project Installation

$ npm install npm-auditor-ci --save-dev

Usage

Global

If you are using it as a global installation, make sure you have installed the package and have run npm install to generate the package-lock.json that npm audit needs.

$ cd ~/<my_project>/
$ npm-auditor-ci

Project

Inside your package.json you can add a custom script

"scripts": {
  "audit": "npm-auditor-ci --threshold low --registry https://registry.mydomain.com/"
},

Then inside of your project folder you can run

$ npm run audit

or you can add the npm command to an existing script like

"scripts": {
  "audit": "npm-auditor-ci --threshold low --registry https://registry.mydomain.com/",
  "tests": "mocha tests/",
  "ci": "npm run tests && npm run audit"
},

Options

You can view the help section by running npm-auditor-ci --help

| Options | Argument | Default | Description |
|:--|:--|:--|:--|
| help | | | Displays the help information below. |
| threshold | low, moderate, high, critical | low | Sets what level of severity to use. |
| ignoreDev | true or false | false | Decide to include development dependencies. |
| json | true or false | false | Outputs the results from the audit in JSON. |
| registry | https://registry.npmjs.org | https://registry.npmjs.org | Use a custom registry or the default npmjs.org |
| version | | | Displays the current versions |

If you specify a threshold of critical it's essentially running all advisories. It takes the level and alerts on all levels below that one.

For example, if I use moderate:

$ npm-auditor-ci --threshold moderate

I will get all advisories that are moderate AND also high and critical. If you do high, you will get all advisories that are high and critical.
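
The threshold behaviour from the `--threshold moderate` example above, as an added sketch that is not npm-auditor-ci's own code. It reads the two `npm audit --json` report shapes (npm 6 `advisories`, npm 7+ `vulnerabilities`); the names `severities` and `gate` and the sample reports are constructed for illustration.

```javascript
// Added example, not the project's source. Severity order as listed in the options table.
const LEVELS = ['low', 'moderate', 'high', 'critical'];

// Collect severities from either report shape: npm 6 keys `advisories` by id,
// npm 7+ keys `vulnerabilities` by package name. Both carry a `severity` string.
function severities(report) {
  const entries = report.advisories || report.vulnerabilities || {};
  return Object.values(entries).map((e) => e.severity);
}

// Returns { failed, counts }; counts only includes levels at or above the threshold.
function gate(report, threshold = 'low') {
  const min = LEVELS.indexOf(threshold);
  if (min === -1) {
    // Fail closed: a typo in the threshold must not turn the gate into a no-op.
    throw new Error(`unknown threshold: ${threshold}`);
  }
  const counts = {};
  for (const sev of severities(report)) {
    // 'info' is not in LEVELS (index -1), so it never reaches any threshold.
    if (LEVELS.indexOf(sev) >= min) counts[sev] = (counts[sev] || 0) + 1;
  }
  return { failed: Object.keys(counts).length > 0, counts };
}

// Constructed sample reports (ids and package names are made up).
const npm6Report = { advisories: {
  '1001': { module_name: 'pkg-a', severity: 'low' },
  '1002': { module_name: 'pkg-b', severity: 'moderate' },
  '1003': { module_name: 'pkg-c', severity: 'critical' } } };
const npm7Report = { vulnerabilities: {
  'pkg-d': { name: 'pkg-d', severity: 'low' },
  'pkg-e': { name: 'pkg-e', severity: 'info' } } };

for (const t of LEVELS) {
  console.log(t, gate(npm6Report, t), gate(npm7Report, t));
}
// In CI, map the result to the exit status: process.exitCode = result.failed ? 1 : 0;
```

A CI job only blocks the build if the non-zero exit status is propagated, so avoid chaining the audit step with `|| true` or similar.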


wrapper for 'npm audit' which can be used in CI.

Usage
 $ npm-auditor-ci

Options
 --help,      -h  Displays help information
 --threshold, -t  The threshold in which the auditor fails ('low', 'moderate', 'high', 'critical')
 --ignoreDev  -i  Ignores dev dependencies (default false)
 --json       -j  Displays results in json format (default false)
 --registry   -r  Specifies which registry to use. Default (https://registry.npmjs.org/)
 --version    -v  Gives the version number

Examples
 $ npm-auditor-ci --json --registry=https://npm.mycompany.com/
 Runs json with a different npm registry url

 $ npm-auditor-ci --ignoreDev --threshold=high
 Runs ignoring the dev dependencies and only fails on high level advisories

Help
 Have a problem? Want to help support?
 https://www.github.com/willywos/npm-auditor-ci
 Cheers! 🍻

Contributing

Open an issue, or make a pull request. We love contributions.

If you would like to contribute, please make sure you follow the contribution guidelines inside contributing.md.

Development

$ git clone https://github.com/willywos/npm-auditor-ci.git
$ cd npm-auditor-ci
$ npm install
$ npm run dev

➜ npm run dev

> [email protected] dev /Users/willywos/Projects/npm-auditor-ci
> babel -w src/ --out-dir dist --copy-files --ignore __tests__

Successfully compiled 3 files with Babel.

To run the unit tests

$ npm run test

or

$ npm run test:watch

Run the ci command locally before pushing.

$ npm run ci

To run the app locally to test:

$ node dist/index.js --help

Code of Conduct

Code is important, but people are more important. If you would like to contribute to npm-auditor-ci, please read and follow our code of conduct found in this file: CODE_OF_CONDUCT.md