insite / composer-npm-audit
Composer plugin that looks for vulnerabilities in NPM packages
Installs: 3 424
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Type: composer-plugin
Requires
- composer-plugin-api: ^2.0
- ext-json: *
- guzzlehttp/guzzle: ^6.4||^7.5
- jean85/pretty-package-versions: ^1.3
Requires (Dev)
- composer/composer: ^1.10
- npm-asset/js-yaml: 3.13.0
- symfony/var-dumper: ^4.4
README
This Composer plugin mimics npm audit for NPM packages installed through Asset Packagist or the Composer Asset Plugin (the npm-asset/* vendor). It provides a simple way to find out whether your NPM dependencies have known vulnerabilities. It checks only those NPM packages; your PHP dependencies are not audited by it.
Install
composer require insite/composer-npm-audit
Usage
Simply run composer npm-audit and it will display a table like this:
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.com/advisories/813
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
You can also run composer npm-audit -c to generate a Composer command that updates the vulnerable dependencies, for example:
composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies
Quote the constraint when you paste the command into a shell ("npm-asset/js-yaml:>=3.13.1"), otherwise the shell treats the > as an output redirection.
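The following is an added example, not the plugin's own code, showing the steps such an audit has to perform: pick the npm-asset/* entries out of composer.lock, test each installed version against the vulnerable range of every advisory for that package, print the findings, and assemble the composer require fix command. The lock-file excerpt, the advisory list and the package "example-widget" are constructed for illustration; a live check would fetch current advisory data instead of using a static list.

```php
<?php
declare(strict_types=1);

// Constructed composer.lock excerpt (not a real project's lock file). Asset Packagist
// publishes NPM packages under the npm-asset/ vendor prefix, so the audit only has to
// look at entries with that prefix, in both "packages" and "packages-dev".
const LOCK_JSON = <<<'JSON'
{
  "packages": [
    {"name": "guzzlehttp/guzzle", "version": "7.5.0"},
    {"name": "npm-asset/js-yaml", "version": "3.13.0"},
    {"name": "npm-asset/lodash", "version": "4.17.21"}
  ],
  "packages-dev": [
    {"name": "npm-asset/example-widget", "version": "v2.4.0"}
  ]
}
JSON;

// Constructed advisory list in the shape of the README table. The js-yaml entry mirrors
// the README example; "example-widget" and its advisory are invented for this example.
const ADVISORIES = [
    'js-yaml' => [[
        'severity' => 'high', 'title' => 'Code Injection',
        'vulnerable_versions' => '<3.13.1', 'patched_versions' => '>=3.13.1',
        'url' => 'https://npmjs.com/advisories/813',
    ]],
    'example-widget' => [[
        'severity' => 'moderate', 'title' => 'Prototype Pollution (hypothetical)',
        'vulnerable_versions' => '>=2.0.0 <2.4.1 || >=3.0.0 <3.0.2',
        'patched_versions' => '>=2.4.1 <3.0.0 || >=3.0.2',
        'url' => 'https://example.invalid/advisories/0',
    ]],
];

// Map "npm-asset/<name>" lock entries to <name> => installed version (leading "v" dropped).
function npmPackagesFromLock(array $lock): array
{
    $found = [];
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            if (strncmp($pkg['name'], 'npm-asset/', 10) === 0) {
                $found[substr($pkg['name'], 10)] = ltrim($pkg['version'], 'v');
            }
        }
    }
    return $found;
}

// Evaluate an npm-style range: "||" separates alternatives, whitespace joins the
// comparators of one alternative. version_compare() does the numeric comparison.
function satisfiesRange(string $version, string $range): bool
{
    foreach (preg_split('/\s*\|\|\s*/', trim($range)) as $alternative) {
        $matches = true;
        foreach (preg_split('/\s+/', trim($alternative)) as $comparator) {
            if ($comparator === '' || $comparator === '*') {
                continue;
            }
            if (!preg_match('/^(<=|>=|<|>|=)?v?(\d+(?:\.\d+){0,2}(?:[-+][0-9A-Za-z.-]+)?)$/', $comparator, $m)) {
                throw new InvalidArgumentException("Unsupported comparator: $comparator");
            }
            if (!version_compare($version, $m[2], $m[1] === '' ? '==' : $m[1])) {
                $matches = false;
                break;
            }
        }
        if ($matches) {
            return true;
        }
    }
    return false;
}

// Cross installed NPM packages with the advisory list; one finding per matching advisory.
function audit(array $lock, array $advisories): array
{
    $findings = [];
    foreach (npmPackagesFromLock($lock) as $name => $version) {
        foreach ($advisories[$name] ?? [] as $advisory) {
            if (satisfiesRange($version, $advisory['vulnerable_versions'])) {
                $findings[] = ['dependency' => $name, 'installed' => $version] + $advisory;
            }
        }
    }
    return $findings;
}

// Build the "composer require ..." line that the -c option prints. Each constraint is
// shell-quoted because ">=" would otherwise be parsed by the shell as a redirection.
function fixCommand(array $findings): ?string
{
    $args = [];
    foreach ($findings as $f) {
        $args['npm-asset/' . $f['dependency']] = escapeshellarg('npm-asset/' . $f['dependency'] . ':' . $f['patched_versions']);
    }
    return $args === [] ? null : 'composer require ' . implode(' ', $args) . ' --update-with-dependencies';
}

$findings = audit(json_decode(LOCK_JSON, true, 512, JSON_THROW_ON_ERROR), ADVISORIES);
$row = "%-9s %-36s %-15s %-10s %-32s %s\n";
printf($row, 'Severity', 'Title', 'Dependency', 'Installed', 'Vulnerable versions', 'URL');
foreach ($findings as $f) {
    printf($row, $f['severity'], $f['title'], $f['dependency'], $f['installed'], $f['vulnerable_versions'], $f['url']);
}
echo PHP_EOL, fixCommand($findings) ?? 'No vulnerable NPM packages found.', PHP_EOL;
exit($findings === [] ? 0 : 1); // non-zero exit so a CI job fails on findings
```

Run it with php on the command line; with the constructed data it reports js-yaml 3.13.0 and example-widget 2.4.0 and prints one quoted constraint per vulnerable package. The non-zero exit status is what makes the check usable as a CI gate, which the table output alone does not give you.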