audit-teamcity-report
Advanced tools
`audit-teamcity-report` is a simple CLI and library that prints out an NPM package audit in TeamCity service message format. Useful for running security audits in CI/CD, and monitoring changes.
audit-teamcity-report is a simple CLI and library that prints out an NPM package audit in TeamCity service message format. Useful for running security audits in CI/CD, and monitoring changes.
This package calls the NPM restful API directly to gather security vulnerability data and suggestions. This makes it faster than running npm audit and then using the output to generate readable TeamCity service messages.
Install with Yarn:
$ yarn add --dev audit-teamcity-report
Install with NPM:
$ npm i --save-dev audit-teamcity-report
When the audit identifies vulnerabilities for your packages, a new tab for that build labeled "Code Inspection" will appear. You'll get a list of all packages that require an update, with a description and link to the advisory.
The package can be used in two ways, via the CLI or by consuming the exported functions. audit-teamcity-report will, by default, load your package.json file from the current working directory. It'll then check for a package-lock.json file, if this isn't found, it will try and load a yarn.lock file. If neither lock files are found, it'll run an audit on your top level dependencies only.
If you'd like to only report on packages installed directly into your project (top level), you can use the topLevelOnly argument to do so.
$ audit-teamcity-report
import { readDependencies, auditService, outputReport } from 'audit-teamcity-report';
/*[...]*/
const project = await readDependencies({ topLevelOnly: false });
const result = await auditService(project);
// optional
outputReport(result);
FAQs
`audit-teamcity-report` is a simple CLI and library that prints out an NPM package audit in TeamCity service message format. Useful for running security audits in CI/CD, and monitoring changes.
We found that audit-teamcity-report demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.