Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/travispaul/node-nvd-search

(Unofficial) node module to fetch, cache, and perform offline search of the NIST National Vulnerability Database.
https://github.com/travispaul/node-nvd-search

cve nvd

Last synced: 9 days ago
JSON representation

(Unofficial) node module to fetch, cache, and perform offline search of the NIST National Vulnerability Database.

Host: GitHub
URL: https://github.com/travispaul/node-nvd-search
Owner: travispaul
License: bsd-2-clause
Created: 2019-07-18T19:54:09.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-03-04T04:23:31.000Z (over 1 year ago)
Last Synced: 2024-04-23T23:00:30.782Z (7 months ago)
Topics: cve, nvd
Language: JavaScript
Homepage: https://nvd.nist.gov/vuln/data-feeds
Size: 1.14 MB
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # nvd-search [![Tests](https://github.com/travispaul/node-nvd-search/actions/workflows/test.yml/badge.svg)](https://github.com/travispaul/node-nvd-search/actions/workflows/test.yml)

Node module to fetch, cache, and search the NIST National Vulnerability Database.

## Usage

## new NVD(config);

Create a new instance of the NVD class, you may supply an optional config object.

### nvd.sync(callback, progress)

Sync the local cache with the remote NIST feeds.

If a `progress` function is supplied, it is called after each feed has been handled.

```js

const NVD = require('nvd-search');

const nvd = new NVD();

nvd.sync((error, results) => {

  if (error) {

    return console.error(error);

  }

  // remote files synced, likely want

  // to call `nvd.search()` now

});

```

### nvd.search(id, callback)

Find a specific CVE within the local cached feeds.

```js

nvd.search('CVE-2019-12780', (error, results) => {

  if (error) {

    return console.error(error);

  }

  console.log(results.data); // feed data

});

```

## Configuration Options

You can provide a configuration object to the constructor: `NVD()`.

The following options are honored:

### config.feeds

An array of strings, each representing a feed to download, cache, and search.

You likely don't want to change this option.

**Default:**

```js

feeds: [

  '2002',

  '2003',

  '2004',

  '2005',

  '2006',

  '2007',

  '2008',

  '2009',

  '2010',

  '2011',

  '2012',

  '2013',

  '2014',

  '2015',

  '2016',

  '2017',

  '2018',

  '2019',

  '2020',

  '2021',

  '2022',

  'modified',

  'recent'

]

```

### config.schemaVersion

Feed schema version to use in paths, currently tested with versions 1.0 and 1.1

**Default:**

```js

schemaVersion: '1.1'

```

### config.rootPath

The URL prefix to use when fetching remote feeds. You might want to change

this if you host your own local cache.

**Default:**

```js

rootPath: 'https://nvd.nist.gov/feeds/json/cve/'

```

### config.cacheDir

The directory to use when caching the feeds locally.

If this is not supplied, the environment variable [XDG_CACHE_HOME](https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html)

is used if defined, otherwise the fallback of `~.cache/nvd` is used.

### config.fetchLimit

When fetching remote feeds, only fetch this many files in parallel.

NIST often will throttle and/or disconnect clients making too many connections.

**Default:**

```js

fetchLimit: 2

```

### config.persistAll

Save all files fetched from rootPath, useful for mirroring the feeds.

**Default:**

```js

persistAll: false

```

## See also

- [nvd-search-cli](https://github.com/travispaul/node-nvd-search-cli)