Unofficial web extension to check packages on vulnerabilities
MIT License
Unofficial web extension to check packages on vulnerabilities. Runs in Firefox, Chrome and Opera (and likely more web browsers) on desktop.
Clone this repository, then install the dependencies with npm i
.
npm start
will start a Firefox instance with the extension loaded.
For other browsers, you will need to load the dist/manifest.json
manually.
npm test
will execute the mocha test suite.
Due to the use of proxyquire
a code coverage report cannot be generated for now.
This extension will recognise if you are browsing a package.json on GitHub and offer you to scan the (dev)Dependencies for known vulnerabilities. It is also planned to allow the check when looking at a single JS(X) or TS(x) file. The agenda includes a check on NPM registry websites as well.
MIT. Check LICENSE for details.