vulnera
Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
I think we should work toward the goal of supporting multiple formats including OSV: https://ossf.github.io/osv-schema/ For the API we should probably rename useStandardFormat to `useFormat`. This new property takes a...
The goal of the task is to implement a standalone database API like the OSV one for: - [ ] GitHub - [x] Snyk - [x] Sonatype - [x] NVD The...
Bumps the dependencies group with 1 update: [@nodesecure/npm-registry-sdk](https://github.com/NodeSecure/npm-registry-sdk). Updates `@nodesecure/npm-registry-sdk` from 2.1.1 to 3.0.0 Release notes Sourced from @nodesecure/npm-registry-sdk's releases. v3.0.0 What's Changed chore: using dependabot groups by @fabnguess in...
Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `step-security/harden-runner` from 2.9.0 to 2.9.1 Release notes Sourced from step-security/harden-runner's releases. v2.9.1 What's Changed Release v2.9.1 by @h0x0er...
Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.9.0` |...
Bumps the dependencies group with 1 update: [@npmcli/arborist](https://github.com/npm/cli/tree/HEAD/workspaces/arborist). Updates `@npmcli/arborist` from 7.5.4 to 8.0.0 Release notes Sourced from @npmcli/arborist's releases. libnpmexec: v8.0.0 8.0.0 (2024-04-25) ⚠️ BREAKING CHANGES libnpmexec now emits...
Bumps the dependencies group with 1 update: [@pnpm/audit](https://github.com/pnpm/pnpm). Updates `@pnpm/audit` from 1001.0.2 to 1002.0.15 Commits See full diff in compare view. You can trigger a rebase of...
CI is currently red because Sonatype OSS requires authentication - https://ossindex.sonatype.org/rest

```json
{
  "coordinates": [
    "pkg:npm/undici"
  ]
}
```
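The following is an added example and not code from vulnera or from Sonatype: it shows how a fetch strategy can send the `coordinates` body quoted in the issue to OSS Index with HTTP Basic authentication, and fail loudly on a 401 instead of silently returning an empty vulnerability list (which is what turns an authentication change into a red CI). Assumptions made here for illustration: the endpoint path `/api/v3/component-report`, a username plus API-token credential pair, the shape of the component report (an array of `{coordinates, vulnerabilities: [...]}` objects) and the `fakeOssIndex` stand-in with its `CONSTRUCTED-0001` entry, which exists only so the code runs offline. It runs on Node.js (it uses `Buffer`).

```javascript
// Added example (not vulnera's code): authenticated OSS Index lookup for npm packages.

// Assumed endpoint; the issue only links the REST documentation page.
const OSS_INDEX_URL = "https://ossindex.sonatype.org/api/v3/component-report";

// Build a Package URL for an npm package. The purl spec treats the scope as a
// namespace segment whose "@" must be percent-encoded: pkg:npm/%40scope/name@ver.
function npmPurl(name, version) {
  if (name.startsWith("@")) {
    const [scope, pkg] = name.slice(1).split("/");
    return `pkg:npm/%40${scope}/${pkg}@${version}`;
  }
  return `pkg:npm/${name}@${version}`;
}

// Turn a {name: version} dependency map into the POST request OSS Index expects.
// Credentials are optional here only so the 401 path can be demonstrated.
function buildRequest(dependencies, credentials) {
  const coordinates = Object.entries(dependencies).map(([n, v]) => npmPurl(n, v));
  const headers = { "content-type": "application/json", accept: "application/json" };
  if (credentials) {
    const pair = Buffer.from(`${credentials.username}:${credentials.token}`).toString("base64");
    headers.authorization = `Basic ${pair}`;
  }
  return { url: OSS_INDEX_URL, method: "POST", headers, body: JSON.stringify({ coordinates }) };
}

// Flatten the (assumed) component report into one record per vulnerability.
function normalizeReport(report) {
  const out = [];
  for (const component of report) {
    for (const vuln of component.vulnerabilities ?? []) {
      out.push({
        purl: component.coordinates,
        id: vuln.id,
        cve: vuln.cve ?? null,
        cvssScore: vuln.cvssScore ?? null,
        reference: vuln.reference ?? null,
      });
    }
  }
  return out;
}

// Query OSS Index. An authentication failure is an error, never an empty result:
// a strategy that swallowed the 401 would report "no vulnerabilities" to CI.
async function fetchVulnerabilities(dependencies, credentials, fetchImpl = globalThis.fetch) {
  const req = buildRequest(dependencies, credentials);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (res.status === 401 || res.status === 403) {
    throw new Error(
      `OSS Index rejected the request with HTTP ${res.status}: anonymous access is not accepted, ` +
        "provide a username and API token",
    );
  }
  if (!res.ok) {
    throw new Error(`OSS Index returned HTTP ${res.status}`);
  }
  return normalizeReport(await res.json());
}

// Constructed stand-in for OSS Index so the example runs offline. It mirrors the
// behaviour reported in the issue (unauthenticated calls are rejected) and, once an
// Authorization header is present, answers with a constructed, not real, report.
function fakeOssIndex(url, init) {
  if (!init.headers.authorization) {
    return Promise.resolve({ ok: false, status: 401, json: async () => ({}) });
  }
  const { coordinates } = JSON.parse(init.body);
  const report = coordinates.map((purl) => ({
    coordinates: purl,
    vulnerabilities: purl.startsWith("pkg:npm/undici@")
      ? [{ id: "CONSTRUCTED-0001", cve: null, cvssScore: 7.5, reference: "https://example.invalid/CONSTRUCTED-0001" }]
      : [],
  }));
  return Promise.resolve({ ok: true, status: 200, json: async () => report });
}
```

To run it for real, pass `globalThis.fetch` (or omit the third argument) and read the username and token from the environment rather than hard-coding them; the `fakeOssIndex` function is only there to exercise both the 401 branch and the happy path without network access.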
The goal is to re-implement https://github.com/nodejs/nodejs-dependency-vuln-assessments/tree/main/dep_checker using next major of Vulnera. Please refer to the task about standalone API