{"id":25035008,"url":"https://github.com/nashaddams/audit","last_synced_at":"2026-04-08T20:04:02.903Z","repository":{"id":268622847,"uuid":"904735950","full_name":"nashaddams/audit","owner":"nashaddams","description":"Audit JSR, deno.land, NPM, and ESM packages","archived":false,"fork":false,"pushed_at":"2026-04-07T20:18:20.000Z","size":462,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-07T22:25:34.567Z","etag":null,"topics":["audit","auditing","deno","esm","jsr","npm"],"latest_commit_sha":null,"homepage":"https://jsr.io/@nashaddams/audit","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nashaddams.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-17T13:06:08.000Z","updated_at":"2026-04-07T20:18:24.000Z","dependencies_parsed_at":"2025-01-06T18:28:25.168Z","dependency_job_id":"e0553adf-e88e-4b0d-87fa-d0203a03f32e","html_url":"https://github.com/nashaddams/audit","commit_stats":null,"previous_names":["nashaddams/audit"],"tags_count":40,"template":false,"template_full_name":null,"purl":"pkg:github/nashaddams/audit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nashaddams%2Faudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nashaddams%2Faudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nashaddams%2Faudit/releases","m
anifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nashaddams%2Faudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nashaddams","download_url":"https://codeload.github.com/nashaddams/audit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nashaddams%2Faudit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31571601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","auditing","deno","esm","jsr","npm"],"created_at":"2025-02-05T23:44:17.242Z","updated_at":"2026-04-08T20:04:02.889Z","avatar_url":"https://github.com/nashaddams.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# audit\n\n[![JSR](https://jsr.io/badges/@nashaddams/audit)](https://jsr.io/@nashaddams/audit)\n[![JSR score](https://jsr.io/badges/@nashaddams/audit/score)](https://jsr.io/@nashaddams/audit)\n[![main](https://github.com/nashaddams/audit/actions/workflows/tests.yml/badge.svg)](https://github.com/nashaddams/audit/actions)\n\nAudit [JSR](https://jsr.io), [deno.land](https://deno.land/x),\n[NPM](https://www.npmjs.com), 
and [ESM](https://esm.sh) packages utilizing the\n[GitHub Advisory Database](https://github.com/advisories).\n\n## Usage\n\n```sh\ndeno run -A jsr:@nashaddams/audit [--help]\n```\n\nRunning this command will print the audit results, create a report in the output\ndirectory (`.md`, `.html`), and return an exit code indicating whether\nvulnerabilities have been found and matched (`1`) or not (`0`).\n\n\u003e [!TIP]\n\u003e Avoid exceeding GitHub rate limits by\n\u003e [creating an access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)\n\u003e and passing it via the `GITHUB_TOKEN` environment variable.\n\n### Serving the report\n\nThe `report` subcommand serves the generated audit report:\n\n```sh\ndeno run -A jsr:@nashaddams/audit report\n```\n\n### Ignoring vulnerabilities\n\nVulnerabilities for a specific package can be excluded by adding the package\nname and CVE ID(s) or GHSA ID(s) to the `audit.json` configuration file:\n\n```json\n{\n  \"ignore\": {\n    \"@std/bytes\": [\"CVE-2024-12345\"],\n    \"@std/cli\": [\"GHSA-1234-fwm1-12wm\"]\n  }\n}\n```\n\n### Library usage\n\nAlternatively, `audit` can also be imported and used as a library function:\n\n```ts\nimport { audit } from \"@nashaddams/audit\";\n\naudit(options?: AuditOptions);\n```\n\nSee [the docs](https://jsr.io/@nashaddams/audit/doc) for further details.\n\n### Collecting licenses\n\nIn addition to auditing packages, `audit` can also collect the licenses of\nresolved packages via the `licenses` subcommand:\n\n```sh\ndeno run -A jsr:@nashaddams/audit licenses [--merge]\n```\n\n## Workflow\n\n- Extract the packages from a given lock file\n- Resolve the corresponding GitHub repositories\n  - JSR via `api.jsr.io`\n  - deno.land via `cdn.deno.land`\n  - NPM \u0026 ESM via `registry.npmjs.org`\n- Fetch published vulnerabilities via `api.github.com`\n- Create a report\n\n## Granular `run` permissions\n\nFor convenience, the previous `run` 
instructions use the `-A` permission flag\nwhich grants all permissions to `audit`. Alternatively, granular flags can be\npassed instead:\n\n| Command          | Permissions                                                                                                                   |\n| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- |\n| `audit`          | `-RW=.`\u003cbr/\u003e`-E=OUTPUT_DIR,CONFIG_FILE,GITHUB_TOKEN,TERM`\u003cbr/\u003e`-N=api.jsr.io,cdn.deno.land,registry.npmjs.org,api.github.com` |\n| `audit report`   | `-R=.`\u003cbr/\u003e`-E=OUTPUT_DIR,CONFIG_FILE,GITHUB_TOKEN,TERM`\u003cbr/\u003e`-N=0.0.0.0`                                                     |\n| `audit licenses` | `-RW=.`\u003cbr/\u003e`-E=OUTPUT_DIR,CONFIG_FILE,GITHUB_TOKEN,TERM`\u003cbr/\u003e`-N=api.github.com`                                             |\n\n\u003cdetails\u003e\n\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n| Permission | Usage                                                                                               |\n| ---------- | --------------------------------------------------------------------------------------------------- |\n| `-R`       | Read the lock file, audit report, and resolved packages.                                            |\n| `-W`       | Write the audit report, resolved and unresolved packages, and licenses.                             |\n| `-E`       | Configure `audit`, make authenticated GitHub API requests, and support the terminal spinner.        |\n| `-N`       | Fetch the package information and GitHub security advisories, and serve the generated audit report. 
|\n\n\u003c/details\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnashaddams%2Faudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnashaddams%2Faudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnashaddams%2Faudit/lists"}