insite/composer-npm-audit
Latest stable version: 0.3.3
Composer install command:
composer require insite/composer-npm-audit
Package description
Composer plugin that looks for vulnerabilities in NPM packages
README
This Composer plugin mimics npm audit for packages installed with Assets Packagist or the Composer Asset Plugin.
It provides a simple way to know if your NPM dependencies have known vulnerabilities.
Install
composer require insite/composer-npm-audit
Usage
Simply run composer npm-audit and it will display a table like this:
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  Severity   Title            Dependency   Vulnerable versions   Recommendation               URL
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
  high       Code Injection   js-yaml      <3.13.1               Upgrade to version 3.13.1.   https://npmjs.com/advisories/813
 ---------- ---------------- ------------ --------------------- ---------------------------- ----------------------------------
You can also use composer npm-audit -c to generate
a Composer command that will update the vulnerable dependencies, for example:
composer require npm-asset/js-yaml:>=3.13.1 --update-with-dependencies
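The two steps described above (matching installed npm-asset packages against an advisory's vulnerable range, then emitting the update command), shown as an added Python example that is not the plugin's own code. The composer.lock fragment is constructed, the advisory values come from the sample table, and the function names and advisory dict layout are assumptions; only plain '<' and '<=' ranges are handled. shlex.quote is applied because an unquoted '>' in the version constraint would be read by a POSIX shell as an output redirect.

```python
import json
import shlex

# Constructed composer.lock fragment (not from a real project).
LOCK = json.loads("""{"packages": [
  {"name": "npm-asset/js-yaml", "version": "3.12.0"},
  {"name": "npm-asset/lodash", "version": "4.17.21"},
  {"name": "symfony/console", "version": "v4.4.0"}],
 "packages-dev": []}""")

# Advisory values from the sample table above; this dict layout is an assumption.
ADVISORIES = [{"module": "js-yaml", "severity": "high", "title": "Code Injection",
               "vulnerable": "<3.13.1", "patched": ">=3.13.1",
               "url": "https://npmjs.com/advisories/813"}]

def parse_version(v):
    """'3.12.0' or 'v3.12.0' -> (3, 12, 0). Pre-release tags are not handled."""
    return tuple(int(part) for part in v.lstrip("v").split("."))

def is_vulnerable(installed, vulnerable_range):
    """Evaluate a single '<X.Y.Z' or '<=X.Y.Z' range; reject anything else."""
    if vulnerable_range.startswith("<="):
        return parse_version(installed) <= parse_version(vulnerable_range[2:])
    if vulnerable_range.startswith("<"):
        return parse_version(installed) < parse_version(vulnerable_range[1:])
    raise ValueError(f"unsupported range: {vulnerable_range!r}")

def audit(lock, advisories):
    """Return (advisory, installed_version) for each affected npm-asset package."""
    prefix = "npm-asset/"
    installed = {p["name"][len(prefix):]: p["version"]
                 for p in lock.get("packages", []) + lock.get("packages-dev", [])
                 if p["name"].startswith(prefix)}
    return [(a, installed[a["module"]]) for a in advisories
            if a["module"] in installed
            and is_vulnerable(installed[a["module"]], a["vulnerable"])]

def fix_command(findings):
    """Build the update command, or None when nothing is affected."""
    if not findings:
        return None
    # Quote each constraint: a bare '>' would be parsed by the shell as a redirect.
    args = [shlex.quote(f"npm-asset/{a['module']}:{a['patched']}") for a, _ in findings]
    return "composer require " + " ".join(args) + " --update-with-dependencies"

if __name__ == "__main__":
    findings = audit(LOCK, ADVISORIES)
    for adv, version in findings:
        print(adv["severity"], adv["title"], adv["module"], version, adv["url"])
    print(fix_command(findings))
```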
Statistics
- Total downloads: 4.29k
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 0
- Clicks: 2
- Dependents: 0
- Suggesters: 0
Other information
- License: GPL-2.0-or-later
- Updated: 2019-12-09