vulnera

Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).

Results 20 vulnera issues

This PR was automatically created by Snyk using the credentials of a real user. Snyk has created this PR to upgrade semver from 7.3.7 to 7.3.8. :information_source: Keep your dependencies up-to-date....

Currently, the `npm` strategy only works for `package-lock.json` and `npm-shrinkwrap.json` lock files. We could actually extend that to `pnpm-lock.yaml` using the `npm` strategy using programmatically the [library provided by the...

enhancement
good first issue

Vuln is originally designed to work with NodeSecure/scanner. However, I would like to expand the API to allow any third-party code to use this package. The hydratePayloadDependencies method is very...

good first issue
help wanted

For now, the strategy around Sonatype is not taking into account rate and payload limits imposed by the API. - ### Payload limit When requesting multiple `components`, there is a...

enhancement
good first issue

The main idea of **@nodesecure/vuln** is to expose a set of strategies to detect vulnerabilities within a given project. In my opinion, it would be great to process some benchmarks...

documentation
benchmark

Hello 👋, One of the things to explore is to merge multiple strategies into one to maybe get a better end result? Any ideas are welcome.

enhancement
help wanted

Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.24.8 to 3.24.9 Changelog Sourced from github/codeql-action's changelog. CodeQL Action Changelog See the releases page for the relevant changes...

dependencies
github_actions

Add a new strategy / set of API to support the new OpenSSF project OSV: https://osv.dev/ Also see the official GitHub repository: https://github.com/ossf/malicious-packages

enhancement
help wanted

Add a new strategy to support NVD: https://nvd.nist.gov/ The API has a rate limit but an API key can be requested [here](https://nvd.nist.gov/developers/request-an-api-key) Maybe we need to somehow think how to design...