is-my-node-vulnerable
package that checks if your Node.js installation is vulnerable to known security vulnerabilities
MIT License
Bot releases are visible (Hide)
What's Changed
- test: add BadBatchBug check by @RafaelGSS in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/17
- feat: display cve severity on reporter by @RafaelGSS in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/18
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.4.1...v1.5.0
Published by RafaelGSS 5 months ago
What's Changed
- Bump node to v20 by @theboolean in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/16
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.4.0...v1.4.1
Published by RafaelGSS 5 months ago
What's Changed
- Update node version in action.yml: v16 -> v18 by @theboolean in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/15
New Contributors
- @theboolean made their first contribution in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/15
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.3.0...v1.4.0
Published by RafaelGSS over 1 year ago
What's Changed
- feat: added platform validation by @UlisesGascon in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/12
npx is-my-node-vulnerablenow checks if the public CVE affects your operating system
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.2.0...v1.3.0
Published by RafaelGSS over 1 year ago
What's Changed
- test: add latest release to test by @RafaelGSS in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/10
- Add Github Action capabilities by @UlisesGascon in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/11
Github Action capabilities 🎉
Example:
- Passing for Node.js 18.14.1,
- Failing for Node.js 8.0.0,
Using it
name: "Node.js Vulnerabilities"
on:
schedule:
- cron: "0 0 * * *"
jobs:
is-my-node-vulnerable:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check Node.js
uses: RafaelGSS/[email protected]
with:
node-version: "18.14.1"
New Contributors
- @UlisesGascon made their first contribution in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/11
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.1.0...v1.2.0
Published by RafaelGSS over 1 year ago
What's Changed
- chore: add repository field to package.json by @srl295 in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/4
- fix: drop required node to <=14.0.0 by @srl295 & @ljharb in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/6
- chore: add v12 to ci by @srl295 in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/7
- feat: add end-of-life support by @srl295 & @RafaelGSS in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/8
New Contributors
- @srl295 made their first contribution in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/4
- @ljharb made their first contribution in https://github.com/RafaelGSS/is-my-node-vulnerable/pull/6
Full Changelog: https://github.com/RafaelGSS/is-my-node-vulnerable/compare/v1.0.0...v1.1.0
Worried about the security of your Node.js installation? This package is here to help!
It checks for known vulnerabilities by comparing your installed version to the Node.js Security Database and alerts you if any are found. Try it with:
$ npx is-my-node-vulnerable
Including it in your CI might be a good fit :)
Published by RafaelGSS over 1 year ago
Published by RafaelGSS over 1 year ago