{"id":22485078,"url":"https://github.com/NodeSecure/report","last_synced_at":"2025-08-02T18:31:24.207Z","repository":{"id":37965170,"uuid":"209887579","full_name":"NodeSecure/report","owner":"NodeSecure","description":"NodeSecure HTML \u0026 PDF report generator for any public and/or private git repositories.","archived":false,"fork":false,"pushed_at":"2024-10-07T23:07:09.000Z","size":1493,"stargazers_count":14,"open_issues_count":8,"forks_count":13,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-11T00:08:35.402Z","etag":null,"topics":["hacktoberfest","nodejs","report","security","security-tool"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NodeSecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-20T21:59:40.000Z","updated_at":"2024-08-13T08:59:55.000Z","dependencies_parsed_at":"2024-02-17T21:31:38.021Z","dependency_job_id":"87330dc6-79a4-4936-aef9-5fa149b57e5b","html_url":"https://github.com/NodeSecure/report","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeSecure%2Freport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeSecure%2Freport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeSecure%2Freport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeSecure%2Freport/manifests","ow
ner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NodeSecure","download_url":"https://codeload.github.com/NodeSecure/report/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228499923,"owners_count":17929985,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","nodejs","report","security","security-tool"],"created_at":"2024-12-06T17:11:59.404Z","updated_at":"2025-08-02T18:31:24.168Z","avatar_url":"https://github.com/NodeSecure.png","language":"JavaScript","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://user-images.githubusercontent.com/4438263/226182740-5da22495-8a32-4d5e-b5b3-95cafcd13d38.jpg\" alt=\"@nodesecure/report\"\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![version](https://img.shields.io/badge/dynamic/json.svg?style=for-the-badge\u0026url=https://raw.githubusercontent.com/NodeSecure/report/master/package.json\u0026query=$.version\u0026label=Version)\n[![OpenSSF\nScorecard](https://api.securityscorecards.dev/projects/github.com/NodeSecure/report/badge?style=for-the-badge)](https://api.securityscorecards.dev/projects/github.com/NodeSecure/report)\n![MIT](https://img.shields.io/github/license/NodeSecure/report.svg?style=for-the-badge)\n![size](https://img.shields.io/github/languages/code-size/NodeSecure/report?style=for-the-badge)\n\n\u003c/div\u003e\n\nThis project is designed to generate periodic security reports in both HTML and PDF formats. 
It leverages the [@nodesecure/scanner](https://github.com/NodeSecure/scanner) to retrieve all necessary data.\n\n|               Screen1                |               Screen2                |\n| :----------------------------------: | :----------------------------------: |\n| ![](https://i.imgur.com/Jhr76Ef.jpg) | ![](https://i.imgur.com/OmV7Al6.jpg) |\n\n## Features\n\n- Automatically clones and scans Git repositories using **scanner.cwd**.\n- Provides a visual overview of **security threats** and quality issues for multiple Git or NPM packages.\n- Facilitates visualization of changes over time.\n- Generates reports in both **HTML** and **PDF** formats.\n\n## Requirements\n\n- [Node.js](https://nodejs.org/en/) v20 or higher.\n\n## Getting Started\n\nThis package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).\n\n```bash\n$ git clone https://github.com/NodeSecure/report.git\n$ cd report\n$ npm i\n$ npm run build\n$ npm link\n```\n\nAfter installation, the `nreport` binary will be available in your terminal.\n\n```bash\nnreport initialize\nnreport execute\n```\n\n\u003e [!CAUTION]\n\u003e Please read the following sections to understand how to properly set up the configuration. The **initialize** command generates an incomplete basic template.\n\n### Environment Variables\n\nTo configure the project you have to register (set) environment variables on your system. 
These variables can be set in a **.env** file (that file must be created at the root of the project).\n\n```\nGIT_TOKEN=\nNODE_SECURE_TOKEN=\n```\n\nTo learn how to get a **GIT_TOKEN** or how to register environment variables, follow our [Governance Guide](https://github.com/SlimIO/Governance/blob/master/docs/tooling.md#environment-variables).\n\n\u003e [!NOTE]\n\u003e For NODE_SECURE_TOKEN, please check the [NodeSecure CLI documentation](https://github.com/NodeSecure/cli?tab=readme-ov-file#private-registry--verdaccio).\n\n### Configuration Example (.nodesecurerc)\n\nThis uses the official NodeSecure [runtime configuration](https://github.com/NodeSecure/rc) (`@nodesecure/rc`) under the hood.\n\n```json\n{\n  \"version\": \"1.0.0\",\n  \"i18n\": \"english\",\n  \"strategy\": \"github-advisory\",\n  \"report\": {\n    \"title\": \"NodeSecure Security Report\",\n    \"logoUrl\": \"https://avatars.githubusercontent.com/u/85318671?s=200\u0026v=4\",\n    \"theme\": \"light\",\n    \"includeTransitiveInternal\": false,\n    \"reporters\": [\"html\", \"pdf\"],\n    \"npm\": {\n      \"organizationPrefix\": \"@nodesecure\",\n      \"packages\": [\"@nodesecure/js-x-ray\"]\n    },\n    \"git\": {\n      \"organizationUrl\": \"https://github.com/NodeSecure\",\n      \"repositories\": [\"vulnera\"]\n    },\n    \"charts\": [\n      {\n        \"name\": \"Extensions\",\n        \"display\": true,\n        \"interpolation\": \"d3.interpolateRainbow\",\n        \"type\": \"bar\"\n      },\n      {\n        \"name\": \"Licenses\",\n        \"display\": true,\n        \"interpolation\": \"d3.interpolateCool\",\n        \"type\": \"bar\"\n      },\n      {\n        \"name\": \"Warnings\",\n        \"display\": true,\n        \"type\": \"horizontalBar\",\n        \"interpolation\": \"d3.interpolateInferno\"\n      },\n      {\n        \"name\": \"Flags\",\n        \"display\": true,\n        \"type\": \"horizontalBar\",\n        \"interpolation\": \"d3.interpolateSinebow\"\n      }\n   
 ]\n  }\n}\n```\n\nThe theme can be either `dark` or `light`. Themes are editable in _public/css/themes_ (feel free to PR new themes if you want).\n\n\u003e [!NOTE]\n\u003e All D3 scale-chromatic for charts can be found [here](https://github.com/d3/d3-scale-chromatic/blob/master/README.md).\n\n## API\n\n\u003e [!CAUTION]\n\u003e The API is ESM only\n\n### report\n\n```ts\nfunction report(\n  scannerDependencies: Scanner.Payload[\"dependencies\"],\n  reportConfig: ReportConfiguration,\n  reportOptions?: ReportOptions\n): Promise\u003cBuffer\u003e;\n```\n\nGenerates and returns a PDF Buffer based on the provided report options and scanner payload.\n\n```ts\n/**\n * Configuration dedicated for NodeSecure Report\n * @see https://github.com/NodeSecure/report\n */\nexport interface ReportConfiguration {\n  /**\n   * @default `light`\n   */\n  theme?: \"light\" | \"dark\";\n  title: string;\n  /**\n   * URL to a logo to show on the final HTML/PDF Report\n   */\n  logoUrl?: string;\n  /**\n   * Show/categorize internal dependencies as transitive\n   * @default false\n   */\n  includeTransitiveInternal?: boolean;\n  npm?: {\n    /**\n     * NPM organization prefix starting with @\n     * @example `@nodesecure`\n     */\n    organizationPrefix: string;\n    packages: string[];\n  };\n  git?: {\n    /**\n     * GitHub organization URL\n     * @example `https://github.com/NodeSecure`\n     */\n    organizationUrl: string;\n    /**\n     * List of repositories\n     * name are enough, no need to provide .git URL or any equivalent\n     */\n    repositories: string[];\n  };\n  /**\n   * @default html,pdf\n   */\n  reporters?: (\"html\" | \"pdf\")[];\n  charts?: ReportChart[];\n}\n\nexport interface ReportChart {\n  /**\n   * List of available charts.\n   */\n  name: \"Extensions\" | \"Licenses\" | \"Warnings\" | \"Flags\";\n  /**\n   * @default true\n   */\n  display?: boolean;\n  /**\n   * Chart.js chart type.\n   *\n   * @see https://www.chartjs.org/docs/latest/charts\n   * 
@default `bar`\n   */\n  type?: \"bar\" | \"horizontalBar\" | \"polarArea\" | \"doughnut\";\n  /**\n   * D3 Interpolation color. Will be picked randomly by default if not provided.\n   * @see https://github.com/d3/d3-scale-chromatic/blob/main/README.md\n   */\n  interpolation?: string;\n}\n\nexport interface ReportOptions {\n  /**\n   * Location where the report will be saved.\n   * \n   * If not provided, defaults to cwd if HTML or PDF is saved on disk, or to a temp directory otherwise.\n   */\n  reportOutputLocation?: string | null;\n  /**\n   * Save the PDF on disk\n   * @default false\n   */\n  savePDFOnDisk?: boolean;\n  /**\n   * Save the HTML on disk\n   * @default false\n   */\n  saveHTMLOnDisk?: boolean;\n}\n```\n\n## Scripts\n\nYou can generate a preview of a report using the following NPM scripts:\n\n```bash\n$ npm run preview:light\n$ npm run preview:dark\n```\n\n## Debug mode\n\nWith the following option, all data generated by the NPM package and Git repository scanners is written to the file \"reports/debug-pkg-repo.txt\". 
Useful if you want to get a preview from this data set.\n\n```bash\n$ nreport exec --debug\n```\n\n## Contributors ✨\n\n\u003c!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section --\u003e\n[![All Contributors](https://img.shields.io/badge/all_contributors-10-orange.svg?style=flat-square)](#contributors-)\n\u003c!-- ALL-CONTRIBUTORS-BADGE:END --\u003e\n\nThanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --\u003e\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\u003ctable\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://www.linkedin.com/in/thomas-gentilhomme/\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/4438263?v=4?s=100\" width=\"100px;\" alt=\"Gentilhomme\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eGentilhomme\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=fraxken\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/commits?author=fraxken\" title=\"Documentation\"\u003e📖\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/pulls?q=is%3Apr+reviewed-by%3Afraxken\" title=\"Reviewed Pull Requests\"\u003e👀\u003c/a\u003e \u003ca href=\"#security-fraxken\" title=\"Security\"\u003e🛡️\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/issues?q=author%3Afraxken\" title=\"Bug reports\"\u003e🐛\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/Kawacrepe\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/40260517?v=4?s=100\" width=\"100px;\" alt=\"Vincent Dhennin\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eVincent 
Dhennin\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=Kawacrepe\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/commits?author=Kawacrepe\" title=\"Documentation\"\u003e📖\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/pulls?q=is%3Apr+reviewed-by%3AKawacrepe\" title=\"Reviewed Pull Requests\"\u003e👀\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/Rossb0b\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/39910164?v=4?s=100\" width=\"100px;\" alt=\"Nicolas Hallaert\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eNicolas Hallaert\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=Rossb0b\" title=\"Documentation\"\u003e📖\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/Max2810\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/53535185?v=4?s=100\" width=\"100px;\" alt=\"Max\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eMax\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=Max2810\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/fabnguess\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/72697416?v=4?s=100\" width=\"100px;\" alt=\"Kouadio Fabrice Nguessan\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eKouadio Fabrice Nguessan\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#maintenance-fabnguess\" title=\"Maintenance\"\u003e🚧\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca 
href=\"https://github.com/halcin\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/7302407?v=4?s=100\" width=\"100px;\" alt=\"halcin\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003ehalcin\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/issues?q=author%3Ahalcin\" title=\"Bug reports\"\u003e🐛\u003c/a\u003e \u003ca href=\"https://github.com/NodeSecure/report/commits?author=halcin\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"#a11y-halcin\" title=\"Accessibility\"\u003e️️️️♿️\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/PierreDemailly\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/39910767?v=4?s=100\" width=\"100px;\" alt=\"PierreDemailly\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003ePierreDemailly\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=PierreDemailly\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/lilleeleex\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/55240847?v=4?s=100\" width=\"100px;\" alt=\"Lilleeleex\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eLilleeleex\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=lilleeleex\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://www.linkedin.com/in/nk-3906b7206/\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/46855953?v=4?s=100\" width=\"100px;\" alt=\"Nishi\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eNishi\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca 
href=\"https://github.com/NodeSecure/report/commits?author=Nishi46\" title=\"Documentation\"\u003e📖\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/orlando1108\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/22614778?v=4?s=100\" width=\"100px;\" alt=\"Erwan Raulo\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eErwan Raulo\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/NodeSecure/report/commits?author=orlando1108\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003c!-- markdownlint-restore --\u003e\n\u003c!-- prettier-ignore-end --\u003e\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:END --\u003e\n\n## License\n\nMIT\n","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNodeSecure%2Freport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNodeSecure%2Freport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNodeSecure%2Freport/lists"}