Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trycontrolmymind/danger-plugin-audit
Danger plugin for audit
- Host: GitHub
- URL: https://github.com/trycontrolmymind/danger-plugin-audit
- Owner: trycontrolmymind
- License: mit
- Created: 2021-12-15T19:16:45.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2023-01-08T03:08:59.000Z (about 2 years ago)
- Last Synced: 2024-10-30T03:44:33.207Z (3 months ago)
- Topics: audit, typescript, yarn
- Language: TypeScript
- Homepage:
- Size: 173 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
## danger-plugin-audit
Danger plugin that posts a notification whenever the `yarn audit` summary reports any vulnerabilities.
## Usage
Install:
```sh
yarn add -D danger-plugin-audit
```

dangerfile.js:

```typescript
const { schedule } = require("danger");
const { yarnAudit } = require("danger-plugin-audit");

// Note: you need to wrap the yarnAudit() call in schedule()
schedule(yarnAudit());
```

## Options
### Filter by vulnerability level
Applying the level flag will limit the audit table to vulnerabilities of the corresponding level and above.
https://classic.yarnpkg.com/en/docs/cli/audit/#toc-commands
```javascript
schedule(yarnAudit({ level: "high" }));
```

### Group by type
Applying the groups flag will limit the audit table to vulnerabilities of the corresponding dependency groups (e.g. dependencies, devDependencies).
https://classic.yarnpkg.com/en/docs/cli/audit/#toc-commands
```javascript
schedule(yarnAudit({ groups: "dependencies devDependencies" }));
```

## Example
| title | path | patched in | more |
| --- | --- | --- | --- |
| ⚠️ Prototype Pollution in node-jsonpointer | danger > jsonpointer | >=5.0.0 | [https://github.com/advisories/GHSA-282f-qqgm-c34q](https://github.com/advisories/GHSA-282f-qqgm-c34q) |
| ❗ Uncontrolled Resource Consumption in parse-link-header | danger > parse-link-header | >=2.0.0 | [https://github.com/advisories/GHSA-q674-xm3x-2926](https://github.com/advisories/GHSA-q674-xm3x-2926) |

2 vulnerabilities found - Package audited 167.
Severity: 0 info | 0 low | 1 moderate | 1 high | 0 critical |

A full example can be found here:
https://gitlab.com/vlaad360/example-project-danger/-/merge_requests/1
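To show what the `level` and `groups` options from the Options section actually do to the table in the Example section, here is an added, self-contained example that is not the plugin's own code: it parses the newline-delimited JSON that Yarn classic's `yarn audit --json` emits, applies the two filters, and renders the same Markdown table and summary line. The `auditAdvisory`/`auditSummary` record shape (with `resolution.dev` marking devDependency-only paths) is an assumption based on Yarn classic's output, the severity icons for levels other than moderate/high are assumed, and the sample audit lines are constructed.

```javascript
// Added example, not part of danger-plugin-audit. Reimplements the parse -> filter -> render
// pipeline a plugin like this needs so the effect of the `level` and `groups` options is visible.

const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Icons for the table's first column; moderate/high match the README, the rest are assumed.
const ICONS = { info: "ℹ️", low: "ℹ️", moderate: "⚠️", high: "❗", critical: "❗" };

// Constructed sample of `yarn audit --json` output: two advisories plus the trailing summary.
// Record shape is an assumption based on Yarn classic's audit output.
const SAMPLE_AUDIT_JSON = [
  JSON.stringify({
    type: "auditAdvisory",
    data: {
      resolution: { id: 1, path: "danger>jsonpointer", dev: true },
      advisory: {
        module_name: "jsonpointer",
        severity: "moderate",
        title: "Prototype Pollution in node-jsonpointer",
        patched_versions: ">=5.0.0",
        url: "https://github.com/advisories/GHSA-282f-qqgm-c34q",
      },
    },
  }),
  JSON.stringify({
    type: "auditAdvisory",
    data: {
      resolution: { id: 2, path: "danger>parse-link-header", dev: true },
      advisory: {
        module_name: "parse-link-header",
        severity: "high",
        title: "Uncontrolled Resource Consumption in parse-link-header",
        patched_versions: ">=2.0.0",
        url: "https://github.com/advisories/GHSA-q674-xm3x-2926",
      },
    },
  }),
  JSON.stringify({
    type: "auditSummary",
    data: {
      vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 0 },
      totalDependencies: 167,
    },
  }),
].join("\n");

// Split the NDJSON stream into advisory records and the summary; non-JSON lines (warnings) are skipped.
function parseAuditOutput(raw) {
  const advisories = [];
  let summary = null;
  for (const line of raw.split("\n")) {
    if (!line.trim()) continue;
    let record;
    try { record = JSON.parse(line); } catch (e) { continue; }
    if (record.type === "auditAdvisory") advisories.push(record.data);
    else if (record.type === "auditSummary") summary = record.data;
  }
  return { advisories, summary };
}

// `level` keeps the given severity and everything above it (same semantics as `yarn audit --level`).
function meetsLevel(severity, level) {
  return LEVELS.indexOf(severity) >= LEVELS.indexOf(level);
}

// `groups` is a space-separated list, e.g. "dependencies devDependencies".
function inGroups(resolution, wantedGroups) {
  const group = resolution.dev ? "devDependencies" : "dependencies";
  return wantedGroups.includes(group);
}

function filterAdvisories(advisories, { level = "info", groups = "dependencies devDependencies" } = {}) {
  const wanted = groups.split(/\s+/).filter(Boolean);
  return advisories.filter((a) => meetsLevel(a.advisory.severity, level) && inGroups(a.resolution, wanted));
}

// Render the Markdown table exactly as it appears in the README's Example section.
function renderTable(advisories) {
  const header = "| title | path | patched in | more |\n| --- | --- | --- | --- |";
  const rows = advisories.map(({ resolution, advisory }) =>
    `| ${ICONS[advisory.severity] || ""} ${advisory.title} | ${resolution.path.split(">").join(" > ")} ` +
    `| ${advisory.patched_versions} | [${advisory.url}](${advisory.url}) |`);
  return [header, ...rows].join("\n");
}

function renderSummary(summary, count) {
  const v = summary.vulnerabilities;
  return `${count} vulnerabilities found - Package audited ${summary.totalDependencies}.\n` +
    `Severity: ${v.info} info | ${v.low} low | ${v.moderate} moderate | ${v.high} high | ${v.critical} critical |`;
}

// Entry point: returns how many advisories survived the filters plus the rendered Markdown.
function auditReport(raw, options) {
  const { advisories, summary } = parseAuditOutput(raw);
  const kept = filterAdvisories(advisories, options);
  return {
    count: kept.length,
    table: renderTable(kept),
    summary: summary ? renderSummary(summary, kept.length) : "",
  };
}

console.log(auditReport(SAMPLE_AUDIT_JSON, { level: "high" }).table);
```

With the constructed sample, the unfiltered report reproduces both rows from the README; `{ level: "high" }` drops the moderate jsonpointer row, and `{ groups: "dependencies" }` drops both rows because both paths are devDependency-only, which is the behaviour to expect when the plugin is configured to gate only on production dependencies.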