{"id":21629768,"url":"https://github.com/mozilla-services/audit-filter","last_synced_at":"2025-10-11T13:16:59.019Z","repository":{"id":33010646,"uuid":"149492159","full_name":"mozilla-services/audit-filter","owner":"mozilla-services","description":"Filter for npm audit results ","archived":false,"fork":false,"pushed_at":"2023-06-26T18:29:23.000Z","size":837,"stargazers_count":3,"open_issues_count":17,"forks_count":5,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-09-19T01:52:06.796Z","etag":null,"topics":["audit","npm","security"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mozilla-services.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-19T18:05:30.000Z","updated_at":"2021-10-13T19:04:59.000Z","dependencies_parsed_at":"2024-06-18T19:47:07.499Z","dependency_job_id":"43dd39b7-bb21-4232-a37b-9d138b15c185","html_url":"https://github.com/mozilla-services/audit-filter","commit_stats":{"total_commits":112,"total_committers":9,"mean_commits":"12.444444444444445","dds":0.2053571428571429,"last_synced_commit":"7350e4c82e858b0665112f5a63242747138b9cd3"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/mozilla-services/audit-filter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Faudit-filter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Faudit-filter/tags","releases_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Faudit-filter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Faudit-filter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mozilla-services","download_url":"https://codeload.github.com/mozilla-services/audit-filter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla-services%2Faudit-filter/sbom","scorecard":{"id":662015,"data":{"date":"2025-08-11","repo":{"name":"github.com/mozilla-services/audit-filter","commit":"7350e4c82e858b0665112f5a63242747138b9cd3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":2,"reason":"Found 1/5 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging 
workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: pkg/audit_filter_bg.wasm:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla-services/audit-filter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla-services/audit-filter/test.yml/master?enable=pin","Warn: downloadThenRun not pinned by hash: .github/workflows/test.yml:25","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.2.5 not signed: https://api.github.com/repos/mozilla-services/audit-filter/releases/13113227","Warn: release artifact 0.2.4 not signed: https://api.github.com/repos/mozilla-services/audit-filter/releases/13110368","Warn: release artifact 0.2.2 not signed: https://api.github.com/repos/mozilla-services/audit-filter/releases/13108253","Warn: release artifact 0.1.1 not signed: https://api.github.com/repos/mozilla-services/audit-filter/releases/13008942","Warn: release artifact 0.2.5 does not have provenance: https://api.github.com/repos/mozilla-services/audit-filter/releases/13113227","Warn: release artifact 0.2.4 does not have provenance: 
https://api.github.com/repos/mozilla-services/audit-filter/releases/13110368","Warn: release artifact 0.2.2 does not have provenance: https://api.github.com/repos/mozilla-services/audit-filter/releases/13108253","Warn: release artifact 0.1.1 does not have provenance: https://api.github.com/repos/mozilla-services/audit-filter/releases/13008942"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/mozilla-services/.github/SECURITY.md:1","Info: Found linked content: github.com/mozilla-services/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/mozilla-services/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"19 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2019-0036 / RUSTSEC-2020-0036 / GHSA-jq66-xh47-j9f3 / GHSA-r98r-j25q-rmpr","Warn: Project is vulnerable to: RUSTSEC-2022-0013 / GHSA-m5pq-gvj9-9vr8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-582f-p4pg-xc74","Warn: Project is vulnerable to: GHSA-jgrh-5m3h-9c5f","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-446m-mv8f-q348","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T16:29:28.950Z","repository_id":33010646,"created_at":"2025-08-21T16:29:28.950Z","updated_at":"2025-08-21T16:29:28.950Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279007315,"owners_count":26084280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","npm","security"],"created_at":"2024-11-25T02:08:42.699Z","updated_at":"2025-10-11T13:16:59.002Z","avatar_url":"https://github.com/mozilla-services.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"### audit-filter\n\n[![crates.io version](https://img.shields.io/crates/v/audit-filter.svg)](https://img.shields.io/crates/v/audit-filter.svg)\n[![Build Status](https://travis-ci.org/mozilla-services/audit-filter.svg?branch=master)](https://travis-ci.org/mozilla-services/audit-filter)\n[![npm version](https://badge.fury.io/js/audit-filter.svg)](https://badge.fury.io/js/audit-filter)\n\n`audit-filter` takes the output of [`npm audit\n--json`](https://docs.npmjs.com/cli/audit) and an\n[nsp](https://github.com/nodesecurity/nsp) rc config file [*without\ncomments*](#fixing-comments-in-nsprc-files) and filters out 
advisories\naccording to the nsp offline exceptions format (see usage for an\nexample).\n\nThis provides a migration path from `nsp check` to `npm audit` and\nlets projects use `npm audit` in CI pipelines without masking all\nadvisories (e.g. with `npm audit || true`).\n\n### Install\n\n#### Requirements\n\n* node 8.x or 10.x\n* npm@6 (for `--json` support and newer package-lock.json format)\n\n#### Local NPM package\n\n1. Run `npm install --save-dev audit-filter` to add it as a dev dependency\n\n1. Require an npm version with `npm audit` support in `package.json` e.g.\n\n```json\n{\n  ...\n  \"engines\": {\n    \"node\": \"\u003e=8\",\n    \"npm\": \"\u003e=6.4.1\"\n  },\n  ...\n}\n```\n\n1. Add an empty exceptions file named `.nsprc`:\n\n\n```json\n{\n  \"exceptions\": [\n  ]\n}\n```\n\n1. Optionally, add an npm script command:\n\n```json\n{\n  \"scripts\": {\n    \"lint:deps\": \"npm audit --json | audit-filter --nsp-config=.nsprc --audit=-\"\n\t...\n  }\n  ...\n  \"devDependencies\": {\n    \"audit-filter\": \"0.3.0\"\n  },\n  ...\n}\n```\n\nand test it with: `npm run lint:deps` or `npm run-script lint:deps`\n\n1. 
Optionally, set the minimum level of vulnerability for `npm audit` to exit with a non-zero exit code with [`npm config audit level ('low', 'moderate', 'high', 'critical')`](https://docs.npmjs.com/misc/config#audit-level)\n\n#### Global NPM package\n\n```console\nnpm install -g audit-filter\n```\n\n#### Cargo\n\n```console\ncargo install audit-filter\n```\n\n### Usage\n\nNote: all commands run from the project root\n\n```console\n$ audit-filter -h\naudit-filter filters the output of \"npm audit --json\"\n\nUsage:\n  audit-filter [--json] [--audit=\u003c-\u003e] [--nsp-config=\u003c.nsprc\u003e]\n  audit-filter (-h | --help | --version)\n\nOptions:\n  -h --help                       Show this screen.\n  --version                       Show version.\n  --json                          Output subset of JSON for the unfiltered advisories as an array.\n  --audit=\u003caudit\u003e                 NPM Audit JSON file [default: -].\n  --nsp-config=\u003cconfig\u003e           Default filter config [default: .nsprc].\n$ cd audit-filter/example/\n$ cat package.json\n{\n  \"dependencies\": {\n    \"moment\": \"2.19.2\",\n    \"restify\": \"7.0.0\"\n  },\n  \"devDependencies\": {\n    \"audit-filter\": \"0.3.0\",\n    \"lodash\": \"^4.17.15\"\n  },\n  \"engines\": {\n    \"node\": \"\u003e=8\",\n    \"npm\": \"\u003e=6.4.1\"\n  },\n  \"scripts\": {\n    \"lint:deps\": \"npm audit --json | audit-filter --nsp-config=.nsprc --audit=-\"\n  }\n}\n$ npm --version\n6.9.0\n$ npm audit\n\u001b[90m                                                                                \u001b[39m\n\u001b[90m \u001b[39m                      === npm audit security report ===                       \u001b[90m \u001b[39m\n\u001b[90m                                                                                \u001b[39m\n# Run  npm install moment@2.24.0  to resolve 1 
vulnerability\n\u001b[90m┌───────────────\u001b[39m\u001b[90m┬──────────────────────────────────────────────────────────────┐\u001b[39m\n\u001b[90m│\u001b[39m Low           \u001b[90m│\u001b[39m Regular Expression Denial of Service                         \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Package       \u001b[90m│\u001b[39m moment                                                       \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Dependency of \u001b[90m│\u001b[39m moment                                                       \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Path          \u001b[90m│\u001b[39m moment                                                       \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m More info     \u001b[90m│\u001b[39m https://npmjs.com/advisories/532                             \u001b[90m│\u001b[39m\n\u001b[90m└───────────────\u001b[39m\u001b[90m┴──────────────────────────────────────────────────────────────┘\u001b[39m\n\n\n# Run  npm update moment --depth 3  to resolve 1 vulnerability\n\u001b[90m┌───────────────\u001b[39m\u001b[90m┬──────────────────────────────────────────────────────────────┐\u001b[39m\n\u001b[90m│\u001b[39m Low           \u001b[90m│\u001b[39m Regular Expression Denial of Service                         \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Package       \u001b[90m│\u001b[39m moment                         
                              \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Dependency of \u001b[90m│\u001b[39m restify                                                      \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Path          \u001b[90m│\u001b[39m restify \u003e bunyan \u003e moment                                    \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m More info     \u001b[90m│\u001b[39m https://npmjs.com/advisories/532                             \u001b[90m│\u001b[39m\n\u001b[90m└───────────────\u001b[39m\u001b[90m┴──────────────────────────────────────────────────────────────┘\u001b[39m\n\n\n# Run  npm update lodash --depth 3  to resolve 2 vulnerabilities\n\u001b[90m┌───────────────\u001b[39m\u001b[90m┬──────────────────────────────────────────────────────────────┐\u001b[39m\n\u001b[90m│\u001b[39m High          \u001b[90m│\u001b[39m Prototype Pollution                                          \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Package       \u001b[90m│\u001b[39m lodash                                                       \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Dependency of \u001b[90m│\u001b[39m restify                                                      \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Path          
\u001b[90m│\u001b[39m restify \u003e lodash                                             \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m More info     \u001b[90m│\u001b[39m https://npmjs.com/advisories/1065                            \u001b[90m│\u001b[39m\n\u001b[90m└───────────────\u001b[39m\u001b[90m┴──────────────────────────────────────────────────────────────┘\u001b[39m\n\n\n\u001b[90m┌───────────────\u001b[39m\u001b[90m┬──────────────────────────────────────────────────────────────┐\u001b[39m\n\u001b[90m│\u001b[39m High          \u001b[90m│\u001b[39m Prototype Pollution                                          \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Package       \u001b[90m│\u001b[39m lodash                                                       \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Dependency of \u001b[90m│\u001b[39m restify                                                      \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m Path          \u001b[90m│\u001b[39m restify \u003e restify-errors \u003e lodash                            \u001b[90m│\u001b[39m\n\u001b[90m├───────────────\u001b[39m\u001b[90m┼──────────────────────────────────────────────────────────────┤\u001b[39m\n\u001b[90m│\u001b[39m More info     \u001b[90m│\u001b[39m https://npmjs.com/advisories/1065                            \u001b[90m│\u001b[39m\n\u001b[90m└───────────────\u001b[39m\u001b[90m┴──────────────────────────────────────────────────────────────┘\u001b[39m\n\n\nfound 4 vulnerabilities (2 low, 2 high) in 
137 scanned packages\n  run `npm audit fix` to fix 4 of them.\n$ echo $?\n1\n$ cat .nsprc\n{\n  \"exceptions\": [\n    \"https://npmjs.com/advisories/532\",\n    \"https://npmjs.com/advisories/577\",\n    \"https://npmjs.com/advisories/782\",\n    \"https://npmjs.com/advisories/1065\"\n   ]\n}\n$ npm audit --json | audit-filter\nNo advisories found after filtering.\n$ echo $?\n0\n$ # Alternatively specify audit and config file paths (note: errors print to stderr)\n$ cd .. \u0026\u0026 audit-filter --nsp-config example/.nsprc --audit tests/fixtures/screenshots-e78ee92b9a76ed6796cbdf0a9f643e00efc8b8b1-npm-6.9.0-audit.json\nUnfiltered advisories:\n  https://npmjs.com/advisories/118\n  https://npmjs.com/advisories/534\n  https://npmjs.com/advisories/566\n  https://npmjs.com/advisories/598\n  https://npmjs.com/advisories/663\n  https://npmjs.com/advisories/755\n  https://npmjs.com/advisories/777\n  https://npmjs.com/advisories/786\n  https://npmjs.com/advisories/788\n  https://npmjs.com/advisories/803\n  https://npmjs.com/advisories/813\n  https://npmjs.com/advisories/886\n  https://npmjs.com/advisories/996\n  https://npmjs.com/advisories/1012\n  https://npmjs.com/advisories/1013\n  https://npmjs.com/advisories/1071\n$ echo $?\n1\n$ # use --json for JSON output\n$ audit-filter --json --nsp-config example/.nsprc --audit tests/fixtures/screenshots-e78ee92b9a76ed6796cbdf0a9f643e00efc8b8b1-npm-6.9.0-audit.json | head\n[\n  {\n    \"findings\": [\n      {\n        \"version\": \"2.0.10\",\n        \"paths\": [\n          \"istanbul-middleware\u003earchiver\u003eglob\u003eminimatch\"\n        ],\n        \"dev\": null,\n        \"optional\": null,\n```\n\n### Fixing comments in .nsprc files\n\n```console\n$ cat tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc-comment.json\n{\n  // See https://github.com/mozilla-services/screenshots/issues/4397\n  \"exceptions\": [\n    \"https://nodesecurity.io/advisories/566\",\n    
\"https://nodesecurity.io/advisories/577\",\n    \"https://nodesecurity.io/advisories/598\",\n    \"https://nodesecurity.io/advisories/663\",\n    \"https://nodesecurity.io/advisories/664\"\n   ]\n}\n$ audit-filter --nsp-config tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc-comment.json --audit tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-npm-6.4.1-audit.json\nError parsing nsp config JSON: key must be a string at line 2 column 3\n$ echo $?\n2\n$ cat tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc-comment.json | sed \"s|// .*||g\" | python -m json.tool\n{\n    \"exceptions\": [\n        \"https://nodesecurity.io/advisories/566\",\n        \"https://nodesecurity.io/advisories/577\",\n        \"https://nodesecurity.io/advisories/598\",\n        \"https://nodesecurity.io/advisories/663\",\n        \"https://nodesecurity.io/advisories/664\"\n    ]\n}\n$ # alternatively convert comments into valid JSON e.g.\n{\n  \"comment\": \"See https://github.com/mozilla-services/screenshots/issues/4397\",\n  \"exceptions\": [\n    \"https://nodesecurity.io/advisories/566\",\n    \"https://nodesecurity.io/advisories/577\",\n    \"https://nodesecurity.io/advisories/598\",\n    \"https://nodesecurity.io/advisories/663\",\n    \"https://nodesecurity.io/advisories/664\"\n   ]\n}\n```\n\n### Exit Codes\n\n* 0 - No advisories or all advisories acked from filters\n* 1 - New failures: one or more unacked advisories. Rerun `npm audit` to see the errors.\n* 2 - Error finding or parsing config files or audit JSON.\n\n### Other errors\n\nNB: error messages will differ for audit-filter installed with NPM\n\nEnumerated here for completeness. 
These all exit with code 2.\n\n#### Error opening audit file\n\n```console\n$ audit-filter --nsp-config tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc.json --audit no-file\nError opening audit JSON no-file: No such file or directory (os error 2)\n```\n\n#### Error parsing audit from stdin\n\n```console\n$ echo \"this is not JSON\" | audit-filter --nsp-config tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc.json --audit -\nError parsing audit JSON from stdin: expected ident at line 1 column 2\n```\n\n#### Error parsing audit from file\n\n```console\n$ echo \"this is not JSON\" \u003e not_json.txt\n$ audit-filter --nsp-config tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-nsprc.json --audit not_json.txt\nError parsing audit JSON: expected ident at line 1 column 2\n```\n\n#### Error opening nsp config file\n\n```console\n$ audit-filter --nsp-config no-file --audit tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-npm-6.4.1-audit.json\nError opening nsp config JSON no-file: No such file or directory (os error 2)\n```\n\n#### Error parsing nsp config from stdin\n\n```console\n$ echo \"this is not JSON\" | audit-filter --nsp-config - --audit tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-npm-6.4.1-audit.json\nError parsing nsp config JSON from stdin: expected ident at line 1 column 2\n```\n\n#### Error parsing nsp config from file\n\n```console\n$ echo \"this is not JSON\" \u003e not_json.txt\n$ audit-filter --nsp-config not_json.txt --audit tests/fixtures/screenshots-0191b17d3bac5de51efa7acbaa0d52bb26c91573-npm-6.4.1-audit.json\nError parsing nsp config JSON: expected ident at line 1 column 2\n```\n\n### Building\n\nTo build a static executable:\n\n```console\n$ rustup target add x86_64-unknown-linux-musl\n...\n$ cargo build --release --target x86_64-unknown-linux-musl\n...\n$ ls -lh ./target/x86_64-unknown-linux-musl/release/audit-filter\n-rwxrwxr-x 2 gguthe 
gguthe 7.0M Sep 20 13:09 ./target/x86_64-unknown-linux-musl/release/audit-filter\n$ ldd ./target/x86_64-unknown-linux-musl/release/audit-filter\n        not a dynamic executable\n```\n\n### Contributors\n\n* @agwells\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla-services%2Faudit-filter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmozilla-services%2Faudit-filter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla-services%2Faudit-filter/lists"}