Checks your package.json / npm-shrinkwrap.json against the Node Security (+) API for dependencies with known vulnerabilities.
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins.
Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-nsp --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.initConfig({
nsp: {
package: grunt.file.readJSON('package.json')
}
});
grunt.loadNpmTasks('grunt-nsp');
This package supports the following options.
- package (object): The contents of a single package.json file [required]
- shrinkwrap (object): The contents of a single npm-shrinkwrap.json file (optional, but is a much more efficient check)
- output (string): Adjust the output format to any formatter supported by nsp
--package
Path to a package.json file
Example grunt nsp --package ./package.json
--shrinkwrap
Path to a npm-shrinkwrap.json file
Example grunt nsp --shrinkwrap ./npm-shrinkwrap.json
--output
nsp output formatter to use
Example grunt nsp --package ./package.json --output summary
Copyright (c) 2016 by ^Lift Security
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Note: the above text describes the license for the code located in this repository only. Usage of this tool or the API this tool accesses implies acceptance of our terms of service.