Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

cvss

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

cvss

A CommonJS library for working with Common Vulnerability Scoring System vectors and scores.

  • 1.0.5
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
28K
increased by74.97%
Maintainers
1
Weekly downloads
 
Created
Source

cvss

A CommonJS library for working with Common Vulnerability Scoring System vectors and scores.

Install

npm i cvss

Usage

var cvss = require('cvss');

var score = cvss.getScore('CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L');

console.log(score) // => 6.2

var rating = cvss.getRating(score);

console.log(rating) // => Medium

#getScore [String or Object input], [Object options (optional)]

This is the main scoring method. It may be called with either a valid CVSS3 vector string ('CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L') or an object containing the key/value pairs ({ AV: 'P', AC: 'H', PR: 'N', UI:'R', S: 'C', C: 'L', I: 'H', A: 'L' }) corresponding to one as its input parameter.

The optional options parameter controls whether validation errors throw or not and whether optional temporal and environmental metrics are considered in score calculation

options

  • throw: if validation returns an error, throw the error
  • baseOnly: only consider base metrics when calculating score
  • temporal: include temporal metrics when calculating score
  • env: include temporal AND environmental metrics when calculating score (both are included per CVSS3 spec)

#getBaseScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the baseOnly option.

#getTemporalScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the temporal option.

#getEnvironmentalScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the environmental option.

#getRating [Number score]

Given a numeric score, returns the appropriate CVSS3 severity rating for that number: None for scores < 0.1, Low for scores >= 0.1 and < 4, Medium for scores >=4 and < 7, High for scores >= 7 and < 9, Critical for scores >= 9.

#getBase [String or Object input], [Object options (optional)]

Returns an object with the base score and its rating. Equivalent to

{
    score: getBaseScore(input),
    rating: getRating(getBaseScore(input))
}

#getEnvironmental [String or Object input], [Object options (optional)]

Returns an object with the environmental score and its rating. Equivalent to

{
    score: getEnvironmentalScore(input),
    rating: getRating(getEnvironmentalScore(input))
}

#getTemporal [String or Object input], [Object options (optional)]

Returns an object with the environmental score and its rating. Equivalent to

{
    score: getTemporalScore(input),
    rating: getRating(getTemporalScore(input))
}

#getAll [String or Object input], [Object options (optional)]

Returns object with the score and rating for all three scores:

{
    base: getBase(input),
    temporal: getTemporal(input),
    environmental: getEnvironmental(input)
}

FAQs

Package last updated on 03 Jan 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc