insite / composer-npm-audit
Composer plugin that checks NPM packages for known vulnerabilities
0.3.2
2023-03-13 10:36 UTC
Requires
- composer-plugin-api: ^2.0
- ext-json: *
- guzzlehttp/guzzle: ^6.4||^7.5
- jean85/pretty-package-versions: ^1.3
Requires (Dev)
- composer/composer: ^1.10
- npm-asset/js-yaml: 3.13.0
- symfony/var-dumper: ^4.4
README
This Composer plugin emulates npm audit for packages installed through Asset Packagist or the Composer Asset Plugin.
It gives you a simple way to find out whether your NPM dependencies have known vulnerabilities.
Installation
composer require insite/composer-npm-audit
Usage
Just run composer npm-audit
and it prints a table like the following:
---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.net.cn/advisories/813
---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
You can also run composer npm-audit -c
to generate a Composer command that updates the vulnerable dependencies, for example:
composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies
Quote the version constraint when pasting such a command into a shell, since an unquoted > is parsed as output redirection.
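The steps the README describes (map each npm-asset package in composer.lock back to its npm name, test the locked version against an advisory's vulnerable range, and print a composer require command for the patched range) are shown below as an added, self-contained Python illustration. This is not the plugin's own code: the composer.lock fragment and the advisory entries are constructed here (the js-yaml entry mirrors the README row; the @babel/core entry is invented to exercise scoped names), the Asset Packagist naming convention (npm-asset/<pkg>, npm-asset/<scope>--<pkg> for scoped packages) is an assumption, and the range evaluator covers only a subset of npm range syntax.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed composer.lock fragment (not from a real project): a vulnerable
# js-yaml pin, a clean package, a scoped package and a non-npm PHP package.
COMPOSER_LOCK = json.dumps({"packages": [
    {"name": "npm-asset/js-yaml", "version": "3.13.0"},
    {"name": "npm-asset/lodash", "version": "4.17.21"},
    {"name": "npm-asset/babel--core", "version": "7.0.0"},
    {"name": "guzzlehttp/guzzle", "version": "7.5.0"},
]})

# Constructed advisory data keyed by npm name, using npm's advisory field
# names. The js-yaml entry mirrors the README row; the @babel/core entry is
# invented only to exercise scoped names and a two-sided range.
ADVISORIES: Dict[str, List[dict]] = {
    "js-yaml": [{"severity": "high", "title": "Code Injection",
                 "vulnerable_versions": "<3.13.1", "patched_versions": ">=3.13.1",
                 "recommendation": "Upgrade to version 3.13.1.",
                 "url": "https://npmjs.net.cn/advisories/813"}],
    "@babel/core": [{"severity": "moderate", "title": "Constructed example advisory",
                     "vulnerable_versions": ">=7.0.0 <7.0.1", "patched_versions": ">=7.0.1",
                     "recommendation": "Upgrade to version 7.0.1.",
                     "url": "https://example.com/constructed-advisory"}],
}


def composer_to_npm(name: str) -> Optional[str]:
    """Map an Asset Packagist name back to npm, assuming its convention of
    npm-asset/<pkg> and npm-asset/<scope>--<pkg> for scoped (@scope/pkg) names."""
    if not name.startswith("npm-asset/"):
        return None  # a PHP package, nothing to look up on npm
    rest = name[len("npm-asset/"):]
    if "--" in rest:
        scope, pkg = rest.split("--", 1)
        return f"@{scope}/{pkg}"
    return rest


def parse_version(version: str) -> Tuple[int, ...]:
    """MAJOR.MINOR.PATCH as ints; a leading 'v' and any pre-release/build
    suffix are ignored, which is good enough for advisory range checks."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a semver version: {version!r}")
    return tuple(int(x) for x in m.groups())


_CMP = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
        ">=": lambda a, b: a >= b, "=": lambda a, b: a == b}
_COMPARATOR = re.compile(r"^(<=|>=|<|>|=)?v?(\d+\.\d+\.\d+)$")


def _satisfies(v: Tuple[int, ...], comparator: str) -> bool:
    m = _COMPARATOR.match(comparator)
    if not m:
        raise ValueError(f"unsupported comparator: {comparator!r}")
    return _CMP[m.group(1) or "="](v, parse_version(m.group(2)))


def in_range(version: str, spec: str) -> bool:
    """Subset of npm range syntax: '||'-separated alternatives, each a
    space-separated conjunction of comparators; '*' or '' matches anything."""
    v = parse_version(version)
    for alternative in spec.split("||"):
        alternative = alternative.strip()
        if alternative in ("", "*") or all(_satisfies(v, c) for c in alternative.split()):
            return True
    return False


def audit(lock_json: str, advisories: Dict[str, List[dict]]) -> List[dict]:
    """One finding per (locked npm-asset package, advisory covering its version)."""
    lock = json.loads(lock_json)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        npm_name = composer_to_npm(pkg["name"])
        if npm_name is None:
            continue
        for adv in advisories.get(npm_name, []):
            if in_range(pkg["version"], adv["vulnerable_versions"]):
                findings.append({"dependency": npm_name, "composer_name": pkg["name"],
                                 "installed": pkg["version"], **adv})
    return findings


def fix_commands(findings: List[dict]) -> List[str]:
    """Remediation in the form 'composer npm-audit -c' prints, one per package.
    Quote the constraint when pasting into a shell: '>' is otherwise a redirect."""
    cmds: List[str] = []
    for f in findings:
        cmd = f"composer require {f['composer_name']}:{f['patched_versions']} --update-with-dependencies"
        if cmd not in cmds:
            cmds.append(cmd)
    return cmds
```

Running audit(COMPOSER_LOCK, ADVISORIES) on the constructed input flags js-yaml 3.13.0 and @babel/core 7.0.0 and leaves lodash and guzzle alone; fix_commands then yields the same composer require form as the README, with the patched range taken from the advisory rather than from parsing the recommendation text. A real implementation would fetch advisories from the registry and needs a full semver range parser, which the subset here does not attempt.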