Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
By Trevor Norris - Jan 09, 2025
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
better-npm-audit
Advanced tools
Better NPM Audit
Made to allow skipping certain vulnerabilities, and any extra handling that are not supported by the default npm audit in the future.
Installation
$ npm install better-npm-audit --save
Package.json
{
"scripts": {
"prepush": "npm run test && npm run audit",
"audit": "node node_modules/better-npm-audit audit"
}
}
Flags
For skipping certain advisories, you can use -i or verbose --ignore flags
node node_modules/better-npm-audit audit -i 118,577
Examples
Running node node_modules/better-npm-audit audit with vulnerabilities, will receive the error:
Error: 2 vulnerabilities found. Node security advisories: 118,577
at Socket.audit.stdout.on.data (C:\Users\user\project\node_modules\better-npm-audit\index.js:51:15)
at emitOne (events.js:121:20)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
at readableAddChunk (_stream_readable.js:246:13)
at Socket.Readable.push (_stream_readable.js:208:10)
at Pipe.onread (net.js:594:20)
Added the ignore flags node node_modules/better-npm-audit audit -i 118,577 and rerun:
Executing script: audit
to be executed: "node node_modules/better-npm-audit audit -i 118,577"
Exception Vulnerabilities IDs: [ '118', '577' ]
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of semantic-ui
Path semantic-ui > gulp > vinyl-fs > glob-stream > glob >
minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of semantic-ui
Path semantic-ui > gulp > vinyl-fs > glob-stream > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of semantic-ui
Path semantic-ui > gulp > vinyl-fs > glob-watcher > gaze >
globule > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of semantic-ui
Path semantic-ui > gulp > vinyl-fs > glob-watcher > gaze >
globule > minimatch
More info https://nodesecurity.io/advisories/118
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of semantic-ui
Path semantic-ui > gulp > vinyl-fs > glob-watcher > gaze >
globule > lodash
More info https://nodesecurity.io/advisories/577
found 5 vulnerabilities (1 low, 4 high) in 30441 scanned packages
5 vulnerabilities require manual review. See the full report for details.
🤝 All good
FAQs
Reshape into a better npm audit for the community and encourage more people to include security audit into their process.
The npm package better-npm-audit receives a total of 41,635 weekly downloads. As such, better-npm-audit popularity was classified as popular.
We found that better-npm-audit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 12 Dec 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
By Kirill Boychenko - Jan 08, 2025
Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
By Sarah Gooding - Jan 07, 2025