New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

@competec/yarn-audit-competec

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@competec/yarn-audit-competec

Competec Audit-Modules

2.0.0
latest
Source
npm

Version published: 5 months ago

Maintainers: 0

Created: 3 years ago

Source

This module is built on the original yarn audit command yarn audit. With the following additional features:

End with a non-zero code, if audit advisories exists for packages in your node-modules
Allow suppression of specified advisories for any given module
Generate a json file containing the yarn audit summary

Installation

Install the npm audit module (yarn add yarn-audit-competec)
Add the suppression file
Add the following script to your package.json

"audit:competec": "yarn audit-competec",

Suppression file

The suppression file ~/.yarn-audit-competec/suppressions.js should be places in the folder .yarn-audit-competec, which should be located at the root of your project and structured as follows:

module.exports = {
    list: [
        {
            githubAdvisoryId: 'GHSA-hjp8-2cm3-cc45',
            suppress: {
                until: '2022-12-31Z',
                reason: 'Third party',
            },
        },
        ...more suppression entries
    ],
}

githubAdvisoryId: The Github Advisory ID of the entry you wish to suppress
suppress.until: The validity of the grace period until this audit is finished with error
suppress.reason: A note for yourself, to remember why you are suppressing this advisory

Audit summary

An audit summary is generated in JSON format and is structured as follows:

ts: The timestamp at which the audit took place
summary.vulnerabilities: a map of all severity levels found and the frequencies
summary.dependencies: the number of modules with advisories in the dependencies
summary.devDependencies: the number of modules with advisories in the devDependencies
summary.optionalDependencies: the number of modules with advisories in the optionalDependencies
summary.totalDependencies: the total number of modules with advisories

Example of audit summary:

{
  "ts": 1652107729515,
  "summary": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 0,
      "critical": 0
    },
    "dependencies": 4,
    "devDependencies": 0,
    "optionalDependencies": 0,
    "totalDependencies": 4
  }
}

Version history

1.0.0: Initial release
1.0.1: Ignore licence check
1.0.2: Treat "Unknown error" as failure
2.0.0: removed githubAadvisoryId in favor of githubAdvisoryId in suppressions.js file

Keywords

FAQs

What is @competec/yarn-audit-competec?

Is @competec/yarn-audit-competec well maintained?

Package last updated on 13 Sep 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@competec/yarn-audit-competec

Installation

Suppression file

Audit summary

Keywords

Related posts

require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages

PyPI Now Supports iOS and Android Wheels for Mobile Python Development