Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
APACHE-2.0 License
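The one-line description above is the whole contract: run the package manager's audit, fail the build when any advisory is at or above a severity threshold, skip advisories on the allowlist. The following is an added example, not audit-ci's own code, that implements that gate in plain Node so the behaviour referenced across these releases can be seen end to end: the threshold check, wildcard allowlist entries of the kind #196 added, and the opt-in tolerance of an ENOAUDIT registry error that #88 introduced. Everything in it is an assumption for illustration: the advisory records are constructed and only loosely shaped like npm audit JSON, and the function and option names are not audit-ci's API.

```javascript
// Added example, not audit-ci's own code: the CI gate audit-ci describes,
// reduced to its essentials. Assumptions (none taken from the project):
// advisories come as a constructed list only loosely modelled on npm audit
// JSON, allowlist entries are advisory ids with optional "*" wildcards (the
// behaviour added in #196), and a registry ENOAUDIT error is tolerated only
// when passEnoaudit is set (the opt-in that #88 added).
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Turn an allowlist entry such as "GHSA-aaaa-bbbb-*" into an anchored regex;
// everything except "*" is matched literally, so "." or "+" in an id is safe.
function allowlistMatcher(entry) {
  const escaped = String(entry)
    .split("*")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${escaped}$`);
}

function isAllowlisted(advisoryId, allowlist) {
  return allowlist.some((entry) => allowlistMatcher(entry).test(String(advisoryId)));
}

// Decide whether the build may proceed.
// audit: { advisories: [...] } on success, or { error: { code } } when the
// audit call itself failed (a registry outage surfaces as code "ENOAUDIT").
function evaluateAudit(audit, { threshold = "moderate", allowlist = [], passEnoaudit = false } = {}) {
  if (audit.error) {
    if (audit.error.code === "ENOAUDIT" && passEnoaudit) {
      return { pass: true, failing: [], allowlisted: [], counts: {}, reason: "ENOAUDIT tolerated (passEnoaudit)" };
    }
    throw new Error(`audit unavailable: ${audit.error.code}`);
  }
  const minLevel = SEVERITIES.indexOf(threshold);
  if (minLevel < 0) throw new Error(`unknown severity threshold: ${threshold}`);

  const failing = [];
  const allowlisted = [];
  for (const adv of audit.advisories) {
    // Advisories below the threshold never block, allowlisted or not.
    if (SEVERITIES.indexOf(adv.severity) < minLevel) continue;
    (isAllowlisted(adv.id, allowlist) ? allowlisted : failing).push(adv);
  }
  // Per-severity counts of the blocking advisories, the "summary" view.
  const counts = {};
  for (const adv of failing) counts[adv.severity] = (counts[adv.severity] || 0) + 1;
  const reason = failing.length
    ? `${failing.length} advisories at or above ${threshold} are not allowlisted`
    : "no blocking advisories";
  return { pass: failing.length === 0, failing, allowlisted, counts, reason };
}

// Exit status for CI: 0 lets the pipeline continue, 1 blocks integration.
function exitCodeFor(result) {
  return result.pass ? 0 : 1;
}

// Constructed sample input: made-up ids and module names, not real advisories.
const SAMPLE_AUDIT = {
  advisories: [
    { id: "GHSA-aaaa-bbbb-cccc", severity: "critical", module_name: "pkg-a", path: "app>pkg-a" },
    { id: "GHSA-aaaa-bbbb-dddd", severity: "high", module_name: "pkg-b", path: "app>pkg-b" },
    { id: 1234, severity: "moderate", module_name: "pkg-c", path: "app>pkg-c" },
    { id: 5678, severity: "low", module_name: "pkg-d", path: "app>pkg-d" },
  ],
};

// Stand-alone run: the wildcard covers both GHSA entries, advisory 1234 still blocks.
function runSample() {
  return evaluateAudit(SAMPLE_AUDIT, { threshold: "moderate", allowlist: ["GHSA-aaaa-bbbb-*"] });
}
console.log(runSample().reason, runSample().counts, "exit code", exitCodeFor(runSample()));
```

Two properties worth noting: an allowlist entry only suppresses advisories at or above the threshold (below-threshold ones are ignored regardless), and ENOAUDIT is never silently a pass; the caller has to opt in, otherwise the gate fails closed, which is the safer default when the registry is down.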
Published by quinnturner about 3 years ago
EDIT: Not accessible on the NPM registry due to NPM's outage: https://status.npmjs.org/incidents/wy4002vc8ryc
#196 - Support wildcards in allowlist
#204 - Use array.prototype.flatmap instead of core-js
Published by quinnturner about 3 years ago
#198 - [BREAKING]: Drop support for Node 8
#198 - Update lots of dependencies, fixing advisories
Published by quinnturner about 3 years ago
#199 - fix: Update advisory numbers for tests
#197 - feat: Add support for JSON5 config
#193 - feat: output-format, support JSON
Published by quinnturner over 3 years ago
#184 - Via link resolving for NPM 7
#186 - Opt-in skip dev dependencies
Published by quinnturner over 3 years ago
#175 - Add NPM 7 support
Published by quinnturner over 3 years ago
Published by quinnturner over 4 years ago
Bug fixes
#159 - Remove duplicate element of advisoriesFound in summary
#161 - Change lodash to node-noop for no vuln
Published by quinnturner over 4 years ago
Fixes:
#129 - fix: NPM ENOAUDIT message capturing improvements
Published by quinnturner over 4 years ago
Fixes:
#120 - fix: Get audit-ci version from package.json
Docs:
#123 - docs: Change suggested usage to include master
Build:
#121 - fix(CI): Update CircleCI and Travis-CI build configs
#122 - fix(CI): audit-ci checks in CircleCI on PR builds
Published by quinnturner almost 5 years ago
#114 - Add current audit-ci version to output
#115 - chore(contributing): Improve testing section
Published by quinnturner almost 5 years ago
Fixes:
#112 - Remove duplicate advisories from whitelisted list
Published by quinnturner about 5 years ago
Features
Published by quinnturner about 5 years ago
Features:
#104 - Add "path-whitelist" option
Fixes:
#108 - Fix --pass-enoaudit to not always pass an audit
Docs:
#101 - README typo fix for the --report-type
#105 - Additional examples for path whitelisting
Published by quinnturner over 5 years ago
Fixes:
JSONStream for handling JSON data too big for JSON.parse
Docs:
--pass-enoaudit information to README
--report-type
Published by quinnturner over 5 years ago
Features
#88 - Added --pass-enoaudit flag to mitigate issues with registries having service unavailability
Published by quinnturner over 5 years ago
Diff: https://github.com/IBM/audit-ci/compare/v2.0.0..v2.0.1
Bug fixes
Fix retry mechanism for another version of NPM error message: https://github.com/IBM/audit-ci/pull/89
Published by quinnturner over 5 years ago
Diff: https://github.com/IBM/audit-ci/compare/v1.7.0..v2.0.0
BREAKING
The default report output has been changed for Yarn and NPM. Instead of showing the audit summary alone, it shows the audit summary as well as relevant vulnerabilities. This behaviour can be changed using the --report-type option.
Spec:
--report-type important --> (default) Show the audit summary and relevant vulnerabilities
--report-type summary --> Only show the audit summary (# of each vulnerability)
--report-type full --> Show the full audit report
Features
Added --report-type {important,summary,full} flag #74 (closes #64)
Chores
Deprecated --report in favour of --report-type full
Deprecated --summary in favour of --report-type summary
Major release due to changing the default behaviour for audit reporting and deprecating key options