insite/composer-npm-audit

Composer plugin that looks for vulnerabilities in NPM packages

Installs: 2 969

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

Type: composer-plugin

0.3.2 2023-03-13 10:36 UTC

This package is auto-updated.

Last update: 2024-03-31 09:10:49 UTC


README

This Composer plugin mimics npm audit for the NPM packages you install through Composer via Asset Packagist or the Composer Asset Plugin (the npm-asset/ vendor prefix).

It gives you a quick way to find out whether those NPM dependencies have known vulnerabilities, without needing a package.json or an npm install.

Install

composer require insite/composer-npm-audit

Usage

Run composer npm-audit and it prints one row per installed NPM package that matches a known advisory, like this:

 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.com/advisories/813
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------

You can also run composer npm-audit -c to have the plugin print a Composer command that raises the vulnerable dependencies to the patched versions, for example:

composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies

Review that command before running it: in a POSIX shell an unquoted > is a redirection operator, so quote the package:constraint argument, and --update-with-dependencies also lets Composer update the dependencies of the required package, so check the resulting composer.lock diff.
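To make the check concrete, here is an added, stand-alone PHP sketch of what a run of composer npm-audit amounts to. It is example code written for this page, not the plugin's own source. It reads a composer.lock document, keeps the packages Asset Packagist mirrors from npm (npm-asset/ prefix, with scoped packages flattened to npm-asset/scope--name), matches their versions against advisories in the shape of npm audit's classic JSON (module_name, vulnerable_versions, patched_versions, severity, title, url), and prints both the findings and a -c style remediation command. The lock excerpt and every advisory except the README's js-yaml one are constructed; the "<0.0.0" no-fix marker and the plain-comparator range syntax are assumptions about the advisory data.

```php
<?php
// Added example, not the plugin's code: what a "composer npm-audit" style check does, stand-alone.
// Assumes advisories shaped like npm audit's classic JSON (module_name, vulnerable_versions,
// patched_versions, severity, title, url) and Asset Packagist naming (npm-asset/<name>,
// scoped packages flattened to npm-asset/<scope>--<name>). Lock excerpt and advisories are constructed.
declare(strict_types=1);

const SAMPLE_LOCK = <<<'JSON'
{"packages": [
   {"name": "npm-asset/js-yaml", "version": "3.12.0"},
   {"name": "npm-asset/babel--core", "version": "7.4.0"},
   {"name": "bower-asset/jquery", "version": "3.3.1"},
   {"name": "monolog/monolog", "version": "2.9.1"}],
 "packages-dev": [{"name": "npm-asset/lodash", "version": "4.17.21"}]}
JSON;

// First entry is the README's advisory; the others are made up (lodash 4.17.21 sits just outside its range).
const SAMPLE_ADVISORIES = [
    ['module_name' => 'js-yaml', 'vulnerable_versions' => '<3.13.1', 'patched_versions' => '>=3.13.1',
     'severity' => 'high', 'title' => 'Code Injection', 'url' => 'https://npmjs.com/advisories/813'],
    ['module_name' => '@babel/core', 'vulnerable_versions' => '>=7.0.0 <7.5.0', 'patched_versions' => '>=7.5.0',
     'severity' => 'moderate', 'title' => 'Constructed advisory', 'url' => 'https://example.invalid/adv/1'],
    ['module_name' => 'lodash', 'vulnerable_versions' => '<4.17.21', 'patched_versions' => '>=4.17.21',
     'severity' => 'high', 'title' => 'Constructed advisory', 'url' => 'https://example.invalid/adv/2'],
];

/** npm name of an Asset Packagist package; null for bower-asset/* and ordinary PHP packages. */
function npmName(string $composerName): ?string
{
    if (strncmp($composerName, 'npm-asset/', 10) !== 0) {
        return null;
    }
    $name = substr($composerName, 10);   // babel--core -> @babel/core
    return strpos($name, '--') === false ? $name : '@' . preg_replace('/--/', '/', $name, 1);
}

/** Does $version fall in an npm comparator range such as "<3.13.1" or ">=7.0.0 <7.5.0 || >=8.0.0"? */
function inRange(string $version, string $range): bool
{
    $version = ltrim($version, 'v');
    foreach (explode('||', $range) as $alternative) {
        $comparators = preg_split('/\s+/', trim($alternative), -1, PREG_SPLIT_NO_EMPTY);
        $hit = $comparators !== [];
        foreach ($comparators as $c) {
            if ($c === '*') { continue; }
            // Caret, tilde and hyphen ranges are not handled: fail loudly rather than miss a finding.
            if (!preg_match('/^(<=|>=|<|>|=)?v?(\d[\w.\-]*)$/', $c, $m)) {
                throw new InvalidArgumentException("unsupported comparator: $c");
            }
            $op = in_array($m[1], ['', '='], true) ? '==' : $m[1];
            if (!version_compare($version, $m[2], $op)) {
                $hit = false;
                break;
            }
        }
        if ($hit) { return true; }
    }
    return false;
}

/** Installed npm packages from both lock sections, matched against the advisories. */
function audit(array $lock, array $advisories): array
{
    $installed = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $p) {
        if (($npm = npmName($p['name'])) !== null) {
            $installed[$npm] = $p['version'];
        }
    }
    $findings = [];
    foreach ($advisories as $a) {
        $name = $a['module_name'];
        if (isset($installed[$name]) && inRange($installed[$name], $a['vulnerable_versions'])) {
            $findings[] = $a + ['installed' => $installed[$name]];
        }
    }
    return $findings;
}

/** The "-c" style remediation. Constraints are single-quoted because an unquoted ">" is a shell redirection. */
function fixCommand(array $findings): ?string
{
    $constraints = [];
    foreach ($findings as $f) {
        if ($f['patched_versions'] !== '<0.0.0') {   // "<0.0.0" is npm's marker for "no fix available"
            $composer = 'npm-asset/' . ltrim(str_replace('/', '--', $f['module_name']), '@');
            $constraints[$composer][] = $f['patched_versions'];
        }
    }
    if ($constraints === []) { return null; }
    $args = [];
    foreach ($constraints as $pkg => $ranges) {
        $args[] = "'$pkg:" . implode(',', array_unique($ranges)) . "'";   // "," is AND in Composer
    }
    return 'composer require ' . implode(' ', $args) . ' --update-with-dependencies';
}

$findings = audit(json_decode(SAMPLE_LOCK, true, 512, JSON_THROW_ON_ERROR), SAMPLE_ADVISORIES);
foreach ($findings as $f) {
    printf("%-9s %-22s %-12s %-9s %-16s %s\n", $f['severity'], $f['title'], $f['module_name'],
        $f['installed'], $f['vulnerable_versions'], $f['url']);
}
echo fixCommand($findings) ?? 'No fix available', "\n";
```

Run it with php on the command line. With the constructed input it reports js-yaml 3.12.0 and @babel/core 7.4.0, leaves lodash 4.17.21 out because the range is strict, and prints composer require 'npm-asset/js-yaml:>=3.13.1' 'npm-asset/babel--core:>=7.5.0' --update-with-dependencies. The range parser deliberately throws on syntax it does not understand; an audit tool that silently skips an advisory it cannot parse reports a clean result it has not earned.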