@nodesecure/report

Dependencies

Maintainers

Versions

Alerts

File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nodesecure/report

NodeSecure HTML & PDF graphic security report

1.1.1

latest

Source

npm

Version published: 3 months ago

Weekly downloads: 13; decreased by-51.85%

Maintainers: 5

Created: 3 months ago

Weekly downloads

Readme

Source

@nodesecure/report

Project created to generate periodic security reports (HTML and PDF formats). It use @nodesecure/scanner under the hood to fetch all required datas.

Screen1	Screen2

Features

Automatically clone GIT projects for you.
Have an overview of several projects (git or npm).
Ability to visualize changes over weeks.

Requirements

Node.js v18 or higher.

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ git clone https://github.com/NodeSecure/report.git
$ cd report
$ npm i
$ npm link

Then the nodesecure/report binary will be available in your terminal.

nreport initialize
nreport execute

Environment Variables

To configure the project you have to register (set) environment variables on your system. These variables can be set in a .env file (that file must be created at the root of the project).

GIT_TOKEN=
NODE_SECURE_TOKEN=

To known how to get a GIT_TOKEN or how to register environment variables follow our Governance Guide.

For NODE_SECURE_TOKEN, please check the nsecure documentation.

Configuration example

Under the hood it use the official NodeSecure runtime configuration.

{
  "version": "1.0.0",
  "i18n": "english",
  "strategy": "npm",
  "report": {
    "theme": "light",
    "includeTransitiveInternal": false,
    "reporters": ["html", "pdf"],
    "npm": {
      "organizationPrefix": "@nodesecure",
      "packages": ["@nodesecure/js-x-ray"]
    },
    "git": {
      "organizationUrl": "https://github.com/NodeSecure",
      "repositories": []
    },
    "charts": [
      {
        "name": "Extensions",
        "display": true,
        "interpolation": "d3.interpolateRainbow",
        "type": "bar"
      },
      {
        "name": "Licenses",
        "display": true,
        "interpolation": "d3.interpolateCool",
        "type": "bar"
      },
      {
        "name": "Warnings",
        "display": true,
        "type": "horizontalBar",
        "interpolation": "d3.interpolateInferno"
      },
      {
        "name": "Flags",
        "display": true,
        "type": "horizontalBar",
        "interpolation": "d3.interpolateSinebow"
      }
    ],
    "title": "NodeSecure Security Report",
    "logoUrl": "https://avatars.githubusercontent.com/u/85318671?s=200&v=4"
  }
}

TypeScript definition

/**
 * Configuration dedicated for NodeSecure Report
 * @see https://github.com/NodeSecure/report
 */
export interface ReportConfiguration {
  /**
   * @default `light`
   */
  theme?: "light" | "dark";
  title: string;
  /**
   * URL to a logo to show on the final HTML/PDF Report
   */
  logoUrl: string;
  /**
   * Show/categorize internal dependencies as transitive
   * @default false
   */
  includeTransitiveInternal?: boolean;
  npm?: {
    /**
     * NPM organization prefix starting with @
     * @example `@nodesecure`
     */
    organizationPrefix: string;
    packages: string[];
  };
  git?: {
    /**
     * GitHub organization URL
     * @example `https://github.com/NodeSecure`
     */
    organizationUrl: string;
    /**
     * List of repositories (name are enough, no need to provide .git url or any equivalent)
     */
    repositories: string[];
  };
  /**
   * @default html,pdf
   */
  reporters?: ("html" | "pdf")[];
  charts?: ReportChart[];
}

export interface ReportChart {
  /**
   * List of available charts.
   */
  name: "Extensions" | "Licenses" | "Warnings" | "Flags";
  /**
   * @default true
   */
  display?: boolean;
  /**
   * Chart.js chart type.
   *
   * @see https://www.chartjs.org/docs/latest/charts
   * @default `bar`
   */
  type?: "bar" | "horizontalBar" | "polarArea" | "doughnut";
  /**
   * D3 Interpolation color. Will be picked randomly by default if not provided.
   * @see https://github.com/d3/d3-scale-chromatic/blob/main/README.md
   */
  interpolation?: string;
}

The theme can be either dark or light. Themes are editable in public/css/themes (feel free to PR new themes if you want).

All D3 scale-chromatic for charts can be found here.

API

[!IMPORTANT] The API is ESM only

`report(reportOptions, scannerPayload): Promise<Buffer>`

Returns a PDF Buffer based on the givens report options and scanner payload.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

_Gentilhomme
💻 📖 👀 🛡️ 🐛

_{Vincent Dhennin}
💻 📖 👀

_{Nicolas Hallaert}
📖

_Max
💻

_{Kouadio Fabrice Nguessan}
🚧

_halcin
🐛 💻 ️️️️♿️

_{PierreDemailly}
💻

License

MIT

Keywords

FAQs

What is @nodesecure/report?

Is @nodesecure/report popular?

Is @nodesecure/report well maintained?

Last updated on 11 Mar 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install