KurtPattyn/owdit
owdit

Audits nodejs dependencies for known vulnerabilities.

Introduction

Installation

> npm install -g owdit

owdit should preferably be installed globally.

Usage

Command-line Usage
> owdit

When run from the command line, owdit inspects the dependencies listed in the package.json in the current directory and recursively audits the dependencies it finds.

When vulnerabilities are found, owdit prints a pretty-formatted report.
The exit code of owdit is the number of vulnerabilities found, or -1 on error. Note that the shell only sees the exit status modulo 256: -1 shows up as 255, and a count of 256 would read as 0, so a CI step should treat any non-zero status as a failure rather than relying on the exact count.

Ignoring vulnerabilities in specific packages

Packages to exclude from owdit's check, with or without a version number, can be listed in a .owditrc file in the same folder as package.json:

{
  "excludes": [ "foo", "bar", "woot@3.5.4" ],
  "warns": [ "baz" ]
}

Vulnerabilities in packages foo and bar (any version) and in woot 3.5.4 (that version only) will be ignored. Vulnerabilities in baz are still reported but won't make owdit's check fail (i.e. they don't contribute to a non-zero exit code).

Programmatic Usage
const owdit = require("owdit");
const util = require("util");

// Audit the package.json in the current working directory; the callback
// receives either an error or the vulnerability report.
owdit.check(process.cwd(), (err, vulnerabilityReport) => {
  if (err) {
    console.error(err);
  } else {
    console.log(util.inspect(vulnerabilityReport, { depth: null }));
  }
});

Credits

This work was inspired by:

License

MIT