insite/composer-npm-audit

Composer plugin that looks for vulnerabilities in NPM packages

Installs: 3 468

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

Type:composer-plugin

0.3.2 2023-03-13 10:36 UTC

This package is auto-updated.

Last update: 2024-12-03 12:39:55 UTC


README

This Composer plugin mimicks npm audit for packages installed with Assets Packagist or the Composer Asset Plugin.

It provides a simple way to know if your NPM dependencies have known vulnerabilities.

Install

composer require insite/composer-npm-audit

Usage

Simply run composer npm-audit and it will display a table like this:

 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.com/advisories/813
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------

You can also use composer npm-audit -c to generate a Composer command that will update the vulnerable dependencies, for example:

composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies