lazy-auditor

A lazy but inspiring TUI auditor for npm dependencies & vulnerabilities

Version: 1.0.1 (latest, npm)
Maintainers: 1

🔍 Lazy Auditor

A beautiful Terminal User Interface (TUI) for npm security auditing. Get instant visual feedback on your dependencies and their vulnerabilities without leaving your terminal.

Lazy Auditor Demo

✨ Features

  • 🎨 Beautiful TUI: Intuitive interface with color-coded severity levels
  • ⚡ Fast Scanning: Quick dependency analysis with real-time vulnerability detection
  • 🎯 Detailed Reports: Comprehensive vulnerability details including CVE info, severity, and remediation steps
  • ⌨️ Keyboard Navigation: Full keyboard support with vim-like controls
  • 🖱️ Mouse Support: Click and scroll support for modern terminals
  • 📊 Statistics: Real-time vulnerability statistics and severity breakdown
  • 🔧 Smart Remediation: Actionable suggestions for fixing vulnerabilities

🚀 Installation

```bash
# Install globally
npm install -g lazy-auditor

# Or run directly with npx
npx lazy-auditor
```

🎮 Usage

Navigate to your project directory and run:

```bash
lazy-auditor
```

Keyboard Shortcuts

| Key | Action |
| --- | --- |
| ↑/↓ or k/j | Navigate dependency list |
| Tab or | Switch to next panel |
| Shift+Tab or | Switch to previous panel |
| Space | Show details for selected item |
| r or F5 | Refresh data |
| h or ? | Show help dialog |
| q or Ctrl+C | Quit application |

Mouse Controls

  • Click: Select items
  • Scroll: Navigate through content panels
  • Hover: Visual feedback on interactive elements

🖼️ Interface Overview

The interface is divided into three main panels:

📦 Dependencies Panel (Left)

  • Lists all installed packages
  • Shows version numbers
  • Displays vulnerability counts
  • Color-coded severity indicators

🚨 Vulnerability Details Panel (Top Right)

  • Detailed vulnerability information
  • CVE/CWE references
  • Severity levels and ranges
  • Direct links to security advisories

🔧 Suggested Actions Panel (Bottom Right)

  • Remediation recommendations
  • Update suggestions
  • Alternative package recommendations
  • Command-line instructions

🎨 Severity Color Coding

  • 🔴 Critical: Immediate action required
  • 🟣 High: High priority fixes
  • 🟡 Moderate: Medium priority
  • 🔵 Low: Low priority
  • 🔵 Info: Informational only

### Project Structure

```
lazy-auditor/
├── bin/
│   └── lazy-auditor.js    # CLI entry point
├── src/
│   ├── index.js           # Main application logic
│   ├── ui.js              # TUI interface components
│   ├── data.js            # Data fetching and processing
│   └── actions.js         # Vulnerability analysis and remediation
├── package.json
└── README.md
```


### Debug Mode

For troubleshooting vulnerability detection:

```javascript
import { startAppDebug } from './src/index.js';
startAppDebug(); // Shows raw audit data and processing steps
```

🔧 Configuration

Lazy Auditor works out of the box with no configuration required. It uses:

  • `npm ls --json` to get installed dependencies
  • `npm audit --json` to fetch vulnerability data
  • Built-in remediation suggestions based on npm best practices
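
How the output of those two commands can be joined into a per-package severity view, as an added example (not lazy-auditor's own code). It assumes the npm 7+ audit report format; the package names, advisory URL and function names are constructed for illustration.

```javascript
// Constructed sample shaped like `npm ls --json` output (package names are made up).
const lsSample = { name: "demo-app", version: "1.0.0", dependencies: {
  "example-web": { version: "2.1.0", dependencies: { "example-parser": { version: "0.4.2" } } },
  "example-util": { version: "3.0.1" },
} };

// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2, npm 7+).
const auditSample = { auditReportVersion: 2, vulnerabilities: {
  "example-parser": { severity: "high", isDirect: false, range: "<0.5.0", fixAvailable: true,
    via: [{ title: "Constructed advisory", severity: "high", url: "https://example.invalid/advisory/1" }] },
  // A string in `via` names another vulnerable package this one depends on.
  "example-web": { severity: "high", isDirect: true, range: "<=2.1.0", fixAvailable: false,
    via: ["example-parser"] },
} };

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Flatten the nested `npm ls` tree into name -> installed version (hypothetical helper).
function flattenDeps(node, out = new Map()) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (!out.has(name)) out.set(name, dep.version);
    flattenDeps(dep, out);
  }
  return out;
}

// One row per installed package, worst severity first, clean packages last.
function summarize(ls, audit) {
  const vulns = audit.vulnerabilities || {};
  const rows = [...flattenDeps(ls)].map(([name, version]) => {
    const v = vulns[name];
    const via = v ? v.via : [];
    return {
      name, version,
      severity: v ? v.severity : "none",
      advisories: via.filter((x) => typeof x === "object").length, // own advisories
      inheritedFrom: via.filter((x) => typeof x === "string"),     // vulnerable dependencies
      fixAvailable: v ? Boolean(v.fixAvailable) : null,            // may be an object in real reports
    };
  });
  const rank = (s) => (s === "none" ? SEVERITY_ORDER.length : SEVERITY_ORDER.indexOf(s));
  return rows.sort((a, b) => rank(a.severity) - rank(b.severity) || a.name.localeCompare(b.name));
}

console.table(summarize(lsSample, auditSample));
```

When feeding this from a child process, note that `npm audit` exits non-zero when it finds vulnerabilities, so the JSON on stdout has to be read even when the command reports failure.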

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Development Guidelines

  • Code Style: Follow existing patterns and use meaningful variable names
  • Error Handling: Always handle potential errors gracefully
  • User Experience: Prioritize intuitive navigation and clear visual feedback
  • Performance: Keep the interface responsive, even with large dependency lists

Common Issues & Solutions

Vulnerabilities not showing?

  • Ensure you're running in a directory with a `package.json`
  • Try `npm audit --json` manually to check if npm finds vulnerabilities
  • Use debug mode to see raw audit output

TUI not rendering properly?

  • Ensure your terminal supports Unicode and colors
  • Try resizing your terminal window
  • Check that your terminal has sufficient dimensions (minimum 80x24)

Navigation keys not working?

  • Different terminals may handle key bindings differently
  • Try alternative keys (arrow keys vs vim keys)
  • Ensure your terminal is focused and not capturing keys

📄 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

🐛 Issues & Support

If you encounter any issues or have suggestions:

  • Check the existing issues
  • Create a new issue with:
    • Your Node.js and npm versions
    • Terminal type and version
    • Steps to reproduce the problem
    • Expected vs actual behavior

📈 Roadmap

  • Priority Filtering: Filter by vulnerability severity
  • Export Reports: Save audit results to JSON/CSV
  • Package Details: Deep dive into package information
  • Dependency Tree: Visual dependency relationship mapping
  • Auto-fix: Automated vulnerability remediation
  • CI Integration: GitHub Actions/GitLab CI integration
  • Custom Themes: Configurable color schemes
  • Plugin System: Extensible analysis modules

Made with ❤️ for developers who care about security but love beautiful interfaces.

Package last updated on 22 Sep 2025
