andrewbrey / npm-global-audit

CLI to perform an audit of globally installed node modules

Home Page: https://www.npmjs.com/package/npm-global-audit

This repository has been archived

Thank you to everyone who used this module, starred the repository, or contributed with issues. Going forward, this repository will be in a read-only (archived) state, so feel free to fork it if you wish to continue work on it, and note that the module has been published to npm, so if it still works well for you, then great!

This was a fun project to build, but I simply won't have time or desire to address any feature requests or bug fixes going forward, so, I've decided to simply archive the code to reflect that reality.

Thanks again - cheers!

NPM Global Audit

A utility to simplify (and make possible) an audit, i.e. npm audit, of globally installed node modules.

Usage

npx npm-global-audit

# or, if you prefer to use npm instead of yarn to perform the actual audit

npx npm-global-audit --auditor npm

How it works

npm-global-audit determines your globally installed node modules using npm's built-in tooling (npm ls -g --depth=0), constructs a minimal package.json file in your system temp directories, and then uses this "local" package.json as the package definition against which an audit can be performed. The audit is performed against a package.json composed of the exact versions of the node modules installed globally at the time of execution, i.e. it does not calculate any semver ranges.
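The manifest-building step described above, sketched as an added example (not code from npm-global-audit). It assumes the listing is taken with the --json flag of npm ls; the manifest name, the function name and the decision to skip linked or version-less entries are choices of this example, and the sample listing is constructed.

```javascript
// Added illustration; not code from npm-global-audit.
// Input: the JSON printed by `npm ls -g --depth=0 --json` (the --json flag is
// an assumption of this example; the page only names `npm ls -g --depth=0`).

// Accept only a single exact version, never a range such as ^1.2.3 or 1.x.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Hypothetical helper: turn the global listing into a throwaway package.json
// object whose dependencies are pinned to the installed versions.
function buildAuditManifest(npmLsJson) {
  const tree = JSON.parse(npmLsJson);
  const dependencies = {};
  const skipped = [];

  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const version = info && info.version;
    if (typeof version !== 'string' || !EXACT_SEMVER.test(version)) {
      // Nothing precise to audit: report it instead of guessing a version.
      skipped.push({ name, reason: 'no exact version reported' });
    } else if (typeof info.resolved === 'string' && info.resolved.startsWith('file:')) {
      // Linked from a local checkout: the registry copy may not match it.
      skipped.push({ name, reason: 'linked from local path' });
    } else {
      dependencies[name] = version; // exact pin, no ^ or ~ prefix
    }
  }

  return {
    // private:true keeps the temporary manifest from ever being published.
    manifest: { name: 'global-audit-tmp', version: '0.0.0', private: true, dependencies },
    skipped,
  };
}

// Constructed sample listing (not real output from any machine).
const SAMPLE_LS_OUTPUT = JSON.stringify({
  name: 'lib',
  dependencies: {
    npm: { version: '9.6.7' },
    '@scope/cli': { version: '2.0.0-beta.1' },
    'local-tool': { version: '0.1.0', resolved: 'file:../../../home/dev/local-tool' },
    'broken-pkg': {}, // entry with no version field
  },
});

const result = buildAuditManifest(SAMPLE_LS_OUTPUT);
console.log(JSON.stringify(result.manifest, null, 2));
console.log('skipped:', result.skipped);
```

Reporting the skipped entries matters for an audit: a package that is silently left out of the manifest is a package that was never checked.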

Notes

  • By default the actual audit is performed by yarn (which will be executed via npx in the event that you do not have yarn installed) as the output is more human-readable. You can use npm instead if you prefer by passing the -a / --auditor option.
  • Your node modules need to be installed locally so that a lockfile can be generated which is needed to perform the audit (this is not strictly true when the auditor is yarn, but to keep the logic of this utility simple, it performs the install anyway). To ensure that your system temp dirs won't bloat up with ephemeral node_module installs the script will remove the installed "local" packages when the audit is complete, but will not remove the generated package.json or any relevant lockfiles.
  • The audit only supports npm globally installed node modules. This may be expanded to include other package managers in the future.

About

License: MIT License


Languages

TypeScript 93.6%, JavaScript 5.9%, Batchfile 0.5%