scanner
⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
Bumps the npm_and_yarn group with 2 updates: [esbuild](https://github.com/evanw/esbuild) and [tsx](https://github.com/privatenumber/tsx). Updates `esbuild` from 0.23.0 to 0.25.0 Release notes Sourced from esbuild's releases. v0.25.0 This release deliberately contains backwards-incompatible changes. To...
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically....
Vulnera supports pnpm by using `@pnpm/audit`, but for the tree-walking we are not supporting pnpm as we are using Arborist (official NPM package). Not sure if there is an easy...
The current implementation of DepWalker ignores most of the errors that happen (sometimes for good reason), but this can hide issues and lead to a complicated debugging experience when a regression occurs....
Sometimes we have an SBOM (JSON file) as input manifest. Packages such as [@cyclonedx/cdxgen](https://www.npmjs.com/package/@cyclonedx/cdxgen) can produce that file for a given local project (package.json). My idea is to implement a...
Contact replaces [authors](https://github.com/NodeSecure/authors). Goal: pull, clean up, and check the security of a package’s contacts (authors / maintainers). ### Today Only supports the scanner: highlights contacts, nothing more. ### Ideas...