nashaddams/audit

audit

A tool for auditing JSR, NPM, and ESM packages with Deno utilizing the GitHub Advisory Database and npm audit.

The packages are extracted from a given deno.lock (v4) file.

JSR packages

For JSR packages, audit tries to infer the corresponding GitHub repository (via api.jsr.io), from which it can gather published vulnerabilities (via api.github.com).

NPM/ESM packages

NPM and ESM packages are injected into a generated package.json file on which npm audit is executed.
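
The lockfile extraction and package.json generation described above can be sketched as follows. This is an added example, not code from nashaddams/audit: the function names, the `audit-tmp` package name, the alias scheme for duplicate versions, and the treatment of ESM packages as version-pinned esm.sh URLs in the lockfile's `remote` section are all assumptions.

```typescript
// Added example; not code from nashaddams/audit. Assumed deno.lock v4 layout:
// "npm" maps "name@version" keys to metadata, "remote" maps fetched URLs to hashes.
type DenoLock = { version: string; npm?: Record<string, unknown>; remote?: Record<string, string> };

// "name@version[_peer@x]" -> [name, version]. Search for "@" from index 1 so a
// leading scope "@" is skipped; cut the peer suffix from the version, not the
// name, because package names may contain "_" (string_decoder).
function splitNpmKey(key: string): [string, string] | null {
  const at = key.indexOf("@", 1);
  if (at < 0) return null;
  const version = key.slice(at + 1).split("_")[0];
  return version ? [key.slice(0, at), version] : null;
}

// Assumption: ESM packages are esm.sh URLs with an exact version pinned.
const ESM_SH = /^https:\/\/esm\.sh\/(?:[^@]*\/)?((?:@[^\/@]+\/)?[^\/@]+)@(\d+\.\d+\.\d+[^\/?]*)/;

function toPackageJson(lock: DenoLock) {
  if (lock.version !== "4") throw new Error(`unsupported lockfile version ${lock.version}`);
  const found: [string, string][] = [];
  for (const key of Object.keys(lock.npm ?? {})) {
    const pair = splitNpmKey(key);
    if (pair) found.push(pair);
  }
  for (const url of Object.keys(lock.remote ?? {})) {
    const m = ESM_SH.exec(url);
    if (m && m[1] && m[2]) found.push([m[1], m[2]]);
  }
  // Null prototype so names such as "constructor" are not mistaken for existing keys.
  const dependencies: Record<string, string> = Object.create(null);
  for (const [name, version] of found) {
    if (!(name in dependencies)) dependencies[name] = version;
    // A second version of the same package gets an npm alias so both are audited.
    else if (dependencies[name] !== version) dependencies[`${name}-${version}`] = `npm:${name}@${version}`;
  }
  return { name: "audit-tmp", version: "0.0.0", private: true, dependencies };
}

// Constructed sample lockfile (hash values are placeholders, metadata left empty).
const sampleLock: DenoLock = {
  version: "4",
  npm: { "@types/node@22.5.4": {}, "string_decoder@1.3.0": {}, "react-dom@18.2.0_react@18.2.0": {}, "preact@10.19.2": {} },
  remote: {
    "https://esm.sh/v135/preact@10.24.0/denonext/preact.mjs": "constructed-hash",
    "https://deno.land/std@0.224.0/assert/mod.ts": "constructed-hash",
  },
};
```

Written to an empty directory as package.json, the result of `toPackageJson(sampleLock)` can be checked with npm audit once `npm install --package-lock-only` has generated the lockfile that npm audit requires.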

Usage

deno run https://jsr.io/@nashaddams/audit/<version>/mod.ts --help # Print options

deno run \
  -RWE -N=api.jsr.io,api.github.com --allow-run=npm \
  https://jsr.io/@nashaddams/audit/<version>/mod.ts

Running this command will print the audit results to the console, create a report in the output directory, and return an exit code indicating if vulnerabilities have been found (1) or not (0).

HTML report

deno run \
  -RE -N=0.0.0.0 \
  https://jsr.io/@nashaddams/audit/<version>/mod.ts \
  report