Skip to content
/ composer-npm-audit Public

Composer plugin that looks for vulnerabilities in NPM packages

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

prudloff-insite/composer-npm-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
cli.php
cli.php
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 

Repository files navigation

Composer NPM audit

This Composer plugin mimicks npm audit for packages installed with Assets Packagist or the Composer Asset Plugin.

It provides a simple way to know if your NPM dependencies have known vulnerabilities.

Install

composer require insite/composer-npm-audit

Usage

Simply run composer npm-audit and it will display a table like this:

 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.com/advisories/813
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------

You can also use composer npm-audit -c to generate a Composer command that will update the vulnerable dependencies, for example:

composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies

About

Composer plugin that looks for vulnerabilities in NPM packages

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages