Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/Plabick/NPM-Vulnerability-Auditor

A tool to find and fix vulnerabilities caused by out of date packages in npm repositories

npm security-audit security-tools

Last synced: 21 days ago


README

# NPM Vulnerability Auditor
A tool to find and fix vulnerabilities caused by out-of-date packages in npm repositories. Running this tool will clone the vulnerable repositories, run `npm audit fix` in each to update the packages, and suggest a commit or PR message.

I made this before I knew about Dependabot - this does the same thing...but slower. Please use Dependabot.

## Usage

```
usage: main.py [-h] -p PAT [-t TEAM] [-o ORGANIZATION] [-n]
```

| Argument | Description | Mandatory |
|----|----|----|
| -p PAT, --pat PAT | Your GitHub Personal Access Token | Yes |
| -n, --npm | Attempt to run common npm commands (build, lint, pack) after applying fixes | No |
| -t TEAM, --team TEAM | Audit all repos belonging to this team | No |
| -o ORGANIZATION, --organization ORGANIZATION | Audit all repos belonging to this organization | No |
| -h | List commands | No |

If no team or organization name is provided, the tool will audit all the user's repos.

GitHub does not allow the creation of PRs outside of organizations via the API, so you will need to raise the PR yourself. The patched project can be found under repos/ after the tool runs. A suggested PR title and body will be output to the console for each repo.
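The README says the tool runs `npm audit fix` and then suggests a PR title and body. The following added example (not code from the NPM-Vulnerability-Auditor project) shows the piece a reviewer of those PRs most wants: a summary of what `npm audit fix` could and could not resolve, built from the JSON that `npm audit --json` prints. It assumes the npm v7+ report layout (a top-level `vulnerabilities` object keyed by package name, each entry with `severity`, `isDirect` and `fixAvailable`, where `fixAvailable` is `true`, `false`, or an object with `isSemVerMajor`); the embedded report and its package names are constructed, not a real audit. The check that matters is `isSemVerMajor`: `npm audit fix` does not apply those upgrades without `--force`, so a PR that only reports "audit fix ran" can silently leave findings open.

```python
"""Summarise an `npm audit --json` report and draft a PR message.

Added example, not part of the NPM-Vulnerability-Auditor project. Assumes the
npm v7+ audit JSON layout; the sample report below is constructed.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"]

# Constructed sample in the shape of `npm audit --json` (npm v7+). Package
# names and advisories are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-cli-parser": {
            "name": "example-cli-parser", "severity": "critical", "isDirect": False,
            "via": [{"title": "Prototype pollution (constructed)", "severity": "critical"}],
            "range": "<1.2.0", "fixAvailable": True,
        },
        "example-template-engine": {
            "name": "example-template-engine", "severity": "high", "isDirect": True,
            "via": [{"title": "Template injection (constructed)", "severity": "high"}],
            "range": "<2.5.1", "fixAvailable": True,
        },
        "example-dev-server": {
            "name": "example-dev-server", "severity": "moderate", "isDirect": True,
            "via": [{"title": "Open redirect (constructed)", "severity": "moderate"}],
            "range": "<=3.11.0",
            # Fix exists only as a major version bump: not applied without --force.
            "fixAvailable": {"name": "example-dev-server", "version": "4.0.0",
                             "isSemVerMajor": True},
        },
        "example-legacy-lib": {
            "name": "example-legacy-lib", "severity": "low", "isDirect": False,
            "via": [{"title": "ReDoS (constructed)", "severity": "low"}],
            "range": "*", "fixAvailable": False,
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 1,
                                     "high": 1, "critical": 1, "total": 4}},
})


def load_report(path: str) -> str:
    """Read a report saved with `npm audit --json > audit.json`."""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def summarize(report_json: str) -> dict:
    """Bucket findings by severity and by what `npm audit fix` can do about them."""
    report = json.loads(report_json)
    vulns = report.get("vulnerabilities", {})
    by_severity = Counter(v["severity"] for v in vulns.values())
    auto_fixable, major_bump, no_fix = [], [], []
    for name, v in sorted(vulns.items()):
        fix = v.get("fixAvailable", False)
        if fix is True:
            auto_fixable.append(name)
        elif isinstance(fix, dict):
            if fix.get("isSemVerMajor"):
                # Needs `npm audit fix --force`; flag for manual review instead.
                major_bump.append(f"{name} -> {fix.get('name')}@{fix.get('version')}")
            else:
                auto_fixable.append(name)
        else:
            no_fix.append(name)
    return {
        "total": sum(by_severity.values()),
        "by_severity": {s: by_severity.get(s, 0) for s in SEVERITY_ORDER},
        "direct": sorted(n for n, v in vulns.items() if v.get("isDirect")),
        "auto_fixable": auto_fixable,
        "major_bump": major_bump,
        "no_fix": no_fix,
    }


def draft_pr_message(summary: dict, repo: str) -> tuple[str, str]:
    """Return (title, body) for the PR the README asks the user to raise."""
    title = f"chore(deps): resolve {summary['total']} npm audit finding(s)"
    counts = ", ".join(f"{s}: {n}" for s, n in summary["by_severity"].items() if n)
    lines = [f"`npm audit fix` was run in `{repo}`.", "", f"Findings by severity: {counts}", ""]
    if summary["auto_fixable"]:
        lines.append("Fixed automatically: " + ", ".join(summary["auto_fixable"]))
    if summary["major_bump"]:
        lines.append("Still open, fix requires a semver-major upgrade (`npm audit fix` "
                     "skips these without `--force`; review manually): "
                     + ", ".join(summary["major_bump"]))
    if summary["no_fix"]:
        lines.append("Still open, no fix published yet: " + ", ".join(summary["no_fix"]))
    return title, "\n".join(lines)


if __name__ == "__main__":
    pr_title, pr_body = draft_pr_message(summarize(SAMPLE_REPORT), "example-org/example-repo")
    print(pr_title)
    print(pr_body)
```

Run it as-is to see the message built from the constructed report, or replace `SAMPLE_REPORT` with `load_report("audit.json")` after running `npm audit --json > audit.json` in a checked-out repo. The "still open" lines are the point: they keep a PR from implying the repository is clean when part of the fix was never applied.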