UNPKG

compact-yarn-audit

Version:

Presents output from yarn audit in a compact table

github.com/sverweij/compact-yarn-audit

sverweij/compact-yarn-audit

61 lines (49 loc) 3.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
[![GitHub Workflow Status](https://github.com/sverweij/compact-yarn-audit/actions/workflows/ci.yml/badge.svg)](https://github.com/sverweij/compact-yarn-audit/actions/workflows/ci.yml) [![npm stable version](https://img.shields.io/npm/v/compact-yarn-audit.svg?logo=npm)](https://npmjs.com/package/compact-yarn-audit) [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) ## What's this? _compact-yarn-audit_ presents `yarn audit` output in a compact table, ordered by severity. ## Usage ```sh yarn audit --json --verbose | npx compact-yarn-audit@latest ``` > Note: yarn's audit output can be quite large (gigabytes for a sizeable > monorepo that hasn't had updates for a while), so it can take > some time to process all that data. ## Sample output ``` severity title module via "resolutions" string critical Command Injection destructomatic vertex-cli no fix available critical Remote code execution wh… steering-wheel beach-cruiser "steering-wheel": ">=4.7.7" critical Prototype Pollution steering-wheel beach-cruiser "steering-wheel": ">=4.1.2" high Regular Expression Denia… oedipus-regex vertexql-types no fix available high Command Injection snowdash beach-cruiser "snowdash": ">=4.17.21" high Prototype Pollution snowdash beach-cruiser "snowdash": ">=4.17.12" high Prototype Pollution snowdash beach-cruiser "snowdash": ">=4.17.11" high Command Injection snowdash . "snowdash": ">=4.17.21" high Prototype Pollution snowdash . "snowdash": ">=4.17.12" high Prototype Pollution snowdash . "snowdash": ">=4.17.11" high Prototype Pollution steering-wheel beach-cruiser "steering-wheel": ">=4.5.3" high Arbitrary Code Execution steering-wheel beach-cruiser "steering-wheel": ">=4.5.3" high Arbitrary Code Execution steering-wheel beach-cruiser "steering-wheel": ">=4.5.2" high Prototype Pollution steering-wheel beach-cruiser "steering-wheel": ">=4.3.0" moderate Information Exposure mars-server-core mars-server "mars-server-core": ">=2.14.2" moderate Regular Expression Denia… chestnut beach-cruiser "chestnut": ">=7.1.1" moderate Denial of Service steering-wheel beach-cruiser "steering-wheel": ">=4.4.5" low Prototype Pollution minifog beach-cruiser "minifog": "<1.0.0 || >=1.2.3" low Prototype Pollution snowdash beach-cruiser "snowdash": ">=4.17.19" low Prototype Pollution snowdash . "snowdash": ">=4.17.19" low Prototype Pollution snowdash . "snowdash": ">=4.17.5" ``` ## Why? The default output of yarn's `audit` is verbose (just like npm's audit is). When there's more than 3 vulnerabilities it doesn't fit on a screen anymore. It also contains information I'm not interested in when I want to know what to fix and with what urgency: - What is the module _I_ used to import it (_via_ column)? - If that's not possible what should I put in the _"resolutions" string_? - Can it be fixed at all? - How severe is the vulnerability (_severity_, _title_)? Preferably with the most severe ones on top. This module attempts to fix that by leaving out all information not essential to my use case.