Skip to content

Latest commit

 

History

History
43 lines (35 loc) · 1.42 KB

README.md

File metadata and controls

43 lines (35 loc) · 1.42 KB

npm-audit-pipeline

Npm audit pipeline is an npm library that can be used in your CI piplelines to determine whether your packages have any vulnerabilities and failing over if so.

Installation

$ npm i npm-audit-pipeline --save-dev

How to use it

In its simplest form you can it to the package.json script section like so:

"scripts": {
  "package-audit": "npm-audit"
}

Then you can run as:

$ npm run package-audit

It will check through the specified levels by the given parameter (low/moderate/high/critical). You can specify how many errors are allowed to be passed through for each vulnerability level. For example:

$ npm-audit --low=4 --moderate=3 --high=2 --critical=1

This means if there are 4 low level, 3 moderate, 2 high and 1 critical vulnerabilities when packages are checked then it will pass. If in a situation there are 5 low level vulnerabilities then it will fail because its greater than 4 specifed in the arguments. If only the vulnerability level name argument passed, the count value will be set to 0 by default.

$ npm-audit --shouldWarn 

shouldWarn flag means the vulnerabilities will be logged to stdout however the pipeline will successfully pass

$ npm-audit --retry=10

retry flag means the number of retry attempts to fetch npm audit if it fails to retrieve the data

License

npm-audit-pipeline is Apache 2.0.