is-my-node-vulnerable
Comparing version 1.1.0 to 1.2.0
{ | ||
"name": "is-my-node-vulnerable", | ||
"version": "1.1.0", | ||
"version": "1.2.0", | ||
"description": "package that checks if your Node.js installation is vulnerable to known security vulnerabilities", | ||
@@ -14,2 +14,3 @@ "main": "index.js", | ||
"scripts": { | ||
"build": "ncc build action.js -o dist", | ||
"test": "npm run lint && node test.js", | ||
@@ -23,4 +24,10 @@ "lint": "standard" | ||
}, | ||
"standard": { | ||
"ignore": [ | ||
"dist/**" | ||
] | ||
}, | ||
"license": "MIT", | ||
"dependencies": { | ||
"@actions/core": "^1.10.0", | ||
"@pkgjs/nv": "^0.2.1", | ||
@@ -33,4 +40,5 @@ "cli-color": "^2.0.3", | ||
"devDependencies": { | ||
"standard": "^17.0.0" | ||
"standard": "^17.0.0", | ||
"@vercel/ncc": "^0.36.1" | ||
} | ||
} |
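Review bot: `"@actions/core": "^1.10.0"` is listed under `dependencies`, so every npm install of the CLI also pulls in its transitive packages (this page lists `@actions/http-client`, `tunnel` and `uuid`), even though the new `build` script already bundles `action.js` into `dist` with ncc. If only `action.js` imports it (that file is not shown here, so this needs confirming), the entry could move next to `"@vercel/ncc": "^0.36.1"` in `devDependencies`, keeping the published package's runtime dependency set as it was in 1.1.0. The bundled `dist` output is presumably the file whose diff is not rendered on this page. Since a committed bundle cannot be reviewed line by line, a CI step that reruns `npm run build` and fails when `dist` differs would tie the artifact to the reviewed source.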
@@ -83,1 +83,23 @@ # is-my-node-vulnerable | ||
[Node.js Security Database]: https://github.com/nodejs/security-wg/tree/main/vuln | ||
## Github Action | ||
This package also provide a Github Action, just include the `node-version` in the yml as follows in order to check an specific version: | ||
```yml | ||
name: "Node.js Vulnerabilities" | ||
on: | ||
schedule: | ||
- cron: "0 0 * * *" | ||
jobs: | ||
is-my-node-vulnerable: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Check Node.js | ||
uses: RafaelGSS/is-my-node-vulnerable@v1.2.0 | ||
with: | ||
node-version: "18.14.1" | ||
``` |
@@ -10,2 +10,5 @@ const assert = require('assert') | ||
assert.ok(await isNodeVulnerable('16.0.0')) | ||
assert.ok(await isNodeVulnerable('19.6.0')) | ||
assert.ok(await isNodeVulnerable('18.14.0')) | ||
assert.ok(await isNodeVulnerable('16.19.0')) | ||
@@ -12,0 +15,0 @@ assert.rejects(() => isNodeVulnerable('lts'), /not get exactly one version/) |
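Review bot: The added assertions cover only versions expected to be reported as vulnerable, and `assert.ok` passes on any truthy value, so an implementation that flags every version would still pass the lines visible here. If no negative case exists elsewhere in test.js (the rest of the file is outside this hunk), something like `assert.strictEqual(await isNodeVulnerable('<patched-version>'), false)` would pin that path, assuming the function resolves to a boolean. If the check reads live advisory data, such a case is better run against a fixed copy of the data, because a release that is patched today stops being a valid fixture at the next security release.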
Sorry, the diff of this file is not supported yet
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Added @actions/core@^1.10.0
+ Added @actions/core@1.10.1 (transitive)
+ Added @actions/http-client@2.2.3 (transitive)
+ Added tunnel@0.0.6 (transitive)
+ Added uuid@8.3.2 (transitive)