{"id":15290220,"url":"https://github.com/npm/npm-audit-report","last_synced_at":"2025-05-15T15:05:15.936Z","repository":{"id":31903104,"uuid":"122357526","full_name":"npm/npm-audit-report","owner":"npm","description":"npm audit security report","archived":false,"fork":false,"pushed_at":"2024-10-03T02:39:02.000Z","size":476,"stargazers_count":33,"open_issues_count":3,"forks_count":18,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-03-31T20:09:41.316Z","etag":null,"topics":["npm-cli"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/npm.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-21T15:56:01.000Z","updated_at":"2024-09-05T00:15:52.000Z","dependencies_parsed_at":"2024-04-20T22:54:47.444Z","dependency_job_id":"15987dec-a79e-49d1-aab8-90dc7ac1cee8","html_url":"https://github.com/npm/npm-audit-report","commit_stats":{"total_commits":144,"total_committers":18,"mean_commits":8.0,"dds":0.7916666666666666,"last_synced_commit":"3663a9c9d20dfd75b0bd7ecd7bf71e3ef8d01770"},"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Fnpm-audit-report","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Fnpm-audit-report/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/npm%2Fnpm-audit-report/releases","manifests_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/npm%2Fnpm-audit-report/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/npm","download_url":"https://codeload.github.com/npm/npm-audit-report/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247730069,"owners_count":20986404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["npm-cli"],"created_at":"2024-09-30T16:06:26.644Z","updated_at":"2025-04-07T21:16:18.111Z","avatar_url":"https://github.com/npm.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# npm audit security report\n\nGiven a response from the npm security API, render it into a variety of security reports.\n\nThe response is an object that contains an output string (the report) and a suggested exitCode.\n```\n{\n  report: 'string that contains the security report',\n  exit: 1\n}\n```\n\n\n## Basic usage example\n\nThis is intended to be used along with\n[`@npmcli/arborist`](http://npm.im/@npmcli/arborist)'s `AuditReport` class.\n\n```\n'use strict'\nconst Arborist = require('@npmcli/arborist')\nconst Report = require('npm-audit-report')\nconst options = {\n  reporter: 'json'\n}\n\nconst arb = new Arborist({ path: '/path/to/project' })\narb.audit().then(report =\u003e {\n  const result = new Report(report, options)\n  console.log(result.output)\n  process.exitCode = result.exitCode\n})\n```\n\n## Break from Version 1\n\nVersions 5 and 6 of the npm CLI make a request to\neither the \"Full Audit\" endpoint at `/-/npm/v1/security/audits` or\nthe \"Quick Audit\" 
endpoint at `/-/npm/v1/security/audits/quick`.  The Full\nAudit endpoint calculates remediations necessary to correct problems based\non the shape of the tree.\n\nAs of npm v7, the logic of how the CLI manages trees is dramatically\nrearchitected, rendering many of the remediations no longer valid.\nThus, it _only_ fetches the advisory data from the Quick Audit endpoint,\nand uses [`@npmcli/arborist`](http://npm.im/@npmcli/arborist) to calculate\nrequired remediations and affected nodes in the dependency graph.  This\ndata is serialized and provided as an `\"auditReportVersion\": 2` object.\n\nVersion 2 of this module expects to receive an instance of (or serialized JSON\nversion of) the `AuditReport` class from Arborist, which is returned by\n`arborist.audit()` and stored on the instance as `arborist.auditReport`.\n\nEventually, a new endpoint _may_ be added to move the `@npmcli/arborist` work\nto the server side, in which case version 2 style audit reports _may_ be\nprovided directly.\n\n## options\n\n| option   | values                               | default   | description |\n| :---     | :---                                 | :---      | :--- |\n| reporter | `install`, `detail`, `json`, `quiet` | `install` | specify which output format you want to use |\n| chalk    | `Chalk` instance                     | required  | a Chalk instance to use for colorizing strings. 
Use `new chalk.Instance({ level: 0 })` for no colors |\n| unicode  | `true`, `false`                      | `true`    | indicates if unicode characters should be used |\n| indent   | Number or String                     | `2`       | indentation for `'json'` report |\n| auditLevel | `info`, `low`, `moderate`, `high`, `critical`, `none` | `low` (i.e., exit 0 if only `info` advisories are found) | level of vulnerability that will trigger a non-zero exit code (set to `none` to always exit with a 0 status code) |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnpm%2Fnpm-audit-report","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnpm%2Fnpm-audit-report","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnpm%2Fnpm-audit-report/lists"}