
Security News
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
A lightweight security dependency audit tool for frontend projects. It is built on `npm audit`, wraps it in a clean command-line interface, and writes a standard Markdown audit report. Because the underlying scan is `npm audit`, findings cover the packages recorded in the project's lockfile and only the advisories known to the npm registry.
Installation

ejs is required as a template engine:

```bash
npm install joe-audit --save-dev
```

Or install globally:

```bash
npm install -g joe-audit
```

Usage

```bash
# Interactive audit of current directory
joe-audit

# Audit specified local directory
joe-audit /path/to/your/project

# Audit remote repository
joe-audit https://github.com/yourusername/your-repo

# Audit current directory and specify output file
joe-audit -o my-audit.md

# Audit specified directory and customize output
joe-audit /path/to/project -o project-audit.md

# Audit remote repository and customize output
joe-audit https://github.com/yourusername/your-repo -o repo-audit.md
```
The tool provides multiple command aliases; use whichever you prefer:

- joe-audit (recommended)
- joeaudit
- joeAudit
- JoeAudit

| Parameter | Short | Description |
|---|---|---|
| `<target>` | - | Audit target: a local directory path or a remote repository URL |
| `--output <filename>` | `-o` | Custom audit report output filename. Default: `joe-audit-result-YYYYMMDDHHMMSS.md` |
| `--help` | `-h` | Show help information |
| `--version` | `-v` | Show current version |

```bash
joe-audit --help
```
Programmatic API

```javascript
import { auditPackage } from 'joe-audit';

// Audit local project
await auditPackage('/path/to/local/project', 'audit-result.md');

// Audit remote repository
await auditPackage('https://github.com/yourusername/your-repo', 'repo-audit.md');
```

auditPackage(projectRoot, outputFile)

Executes a frontend dependency security audit.

Parameters:

- projectRoot (string): project root directory path or remote repository URL
- outputFile (string): audit report output filename

Return value:

- Promise<void>: resolves after the audit completes

During the audit the tool displays a real-time progress bar showing the percentage complete, the current step out of the 7 steps of the audit process, and the name of the current stage, for example:

```
Progress: [██████████████████░░░░░░░░░░░░░░░░░░░░░] 50% | Stage: Step 4/7 | Executing security audit /
```
Report Format

The generated Markdown report contains the following content:

```markdown
# `your-project` Audit Results

## Audit Summary

✅ No security vulnerabilities found

All direct and indirect dependencies passed the security audit.
```

License

ISC
Issues and Pull Requests are welcome to help improve this tool.

If you encounter any problems during use, please open an Issue on the GitHub repository: https://github.com/qiao915/joe-audit/issues
FAQs
A security dependency audit tool for local and remote projects
joe-audit shows a healthy release cadence and project activity: its last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
