A handy tool to export npm audit results to a full offline HTML page for a better view of your project's vulnerabilities.
Home Page: https://www.npmjs.com/package/audit-export
License: MIT License
There's a new ESLint configuration system available. It's not currently the default, but the system used in the project (.eslintrc.js) will be deprecated by eslint v9.0.0
The deprecation notice is here
PS: Found my way to this project via npm-audit-html and was glad there's a team supporting this. I intend to look into a PR for the eslint config system updates in a bit - just posting this for visibility in case someone else gets to it before I do
This is a small thing, but it could be important. The Usage section of README.md gives the expanded syntax as
npm audit --json | audit-export --folder <folder_path> --name <file_name.html> --title <HTML_file_title>
... but in source/index.js, it looks like the filename parameter should be --file, not --name .
My suggestion would be to keep --file, and edit the Readme.
when I try to run the audit-export command with npm audit its throwing error. Here are the logs which I got.
npm audit -- json | audit-export /home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index. js: 131 cwes: vuln.cwe.concat(vuln.cves). join(", "),
TypeError: Cannot read properties of undefined (reading 'concat') at processVulnerability (/home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index.js: 131:22) at /home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index. js: 116:33 at Array.map (<anonymous>) at getVulnerabilities (/home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index. js:116:19) at generateHtmlTemplateContent (/home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index. js: 71:27) at writeOutput (/home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index. js: 53:18) at /home/.nvm/versions/node/v16.14.2/lib/node_modules/audit-export/src/index.js:43:5 at FSReqCallback.oncomplete (node:fs: 188:23)>
Node Version - v16.14.2
NPM - 8.5.0
NVM - 0.35.3
OS - ubuntu 22.04.3 LTS
There's a standard .gitignore file available. These will support a wider range of contributor dev environments.
The PR template mentions the following:
I have tested this package in at least two versions of Node.js (one lower than the v14 and one higher than the v16)
These tests can be automated in CI. Creating this issue to setup Github Actions to run tests in CI for:
v12.xv14.xv16.xv18.xlatestWhen the project analyzed has no vulnerable dependencies, the exported table doesn't show anything.
Instead, the table could show a message like "No vulnerable dependency found".
Or instead, maybe the even not a table shown, just a message saying that no vulnerable dependencies were found on the project.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.