is-my-node-vulnerable
Advanced tools
is-my-node-vulnerable - npm Package Compare versions
Comparing version 1.1.0 to 1.2.0
| { | ||
| "name": "is-my-node-vulnerable", | ||
| "version": "1.1.0", | ||
| "version": "1.2.0", | ||
| "description": "package that checks if your Node.js installation is vulnerable to known security vulnerabilities", | ||
@@ -14,2 +14,3 @@ "main": "index.js", | ||
| "scripts": { | ||
| "build": "ncc build action.js -o dist", | ||
| "test": "npm run lint && node test.js", | ||
@@ -23,4 +24,10 @@ "lint": "standard" | ||
| }, | ||
| "standard": { | ||
| "ignore": [ | ||
| "dist/**" | ||
| ] | ||
| }, | ||
| "license": "MIT", | ||
| "dependencies": { | ||
| "@actions/core": "^1.10.0", | ||
| "@pkgjs/nv": "^0.2.1", | ||
@@ -33,4 +40,5 @@ "cli-color": "^2.0.3", | ||
| "devDependencies": { | ||
| "standard": "^17.0.0" | ||
| "standard": "^17.0.0", | ||
| "@vercel/ncc": "^0.36.1" | ||
| } | ||
| } |
@@ -83,1 +83,23 @@ # is-my-node-vulnerable | ||
| [Node.js Security Database]: https://github.com/nodejs/security-wg/tree/main/vuln | ||
| ## Github Action | ||
| This package also provide a Github Action, just include the `node-version` in the yml as follows in order to check an specific version: | ||
| ```yml | ||
| name: "Node.js Vulnerabilities" | ||
| on: | ||
| schedule: | ||
| - cron: "0 0 * * *" | ||
| jobs: | ||
| is-my-node-vulnerable: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Check Node.js | ||
| uses: RafaelGSS/is-my-node-vulnerable@v1.2.0 | ||
| with: | ||
| node-version: "18.14.1" | ||
| ``` |
@@ -10,2 +10,5 @@ const assert = require('assert') | ||
| assert.ok(await isNodeVulnerable('16.0.0')) | ||
| assert.ok(await isNodeVulnerable('19.6.0')) | ||
| assert.ok(await isNodeVulnerable('18.14.0')) | ||
| assert.ok(await isNodeVulnerable('16.19.0')) | ||
@@ -12,0 +15,0 @@ assert.rejects(() => isNodeVulnerable('lts'), /not get exactly one version/) |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10748.95%
1353190
- Number of package files
- increased by42.86%
10
- Lines of code
- increased by21088.02%
35384
- Number of lines in readme file
- increased by25.3%
104
Worsened metrics
- Dependency count
- increased by20%
6
- Dev dependency count
- increased by100%
2
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Added@actions/core@^1.10.0
+ Added@actions/core@1.10.1(transitive)
+ Added@actions/http-client@2.2.3(transitive)
+ Addedtunnel@0.0.6(transitive)
+ Addeduuid@8.3.2(transitive)