npm-audit-to-issue

CI tool maintaining an issue for npm audits

Usage: no npm install needed!

<script type="module">
  import npmAuditToIssue from 'https://cdn.skypack.dev/npm-audit-to-issue';
</script>

README

npm-audit-to-issue

This package creates an issue on Gitea if it detects npm security vulnerabilities. It is designed to be integrated into a CI workflow, using cron jobs to check for vulnerabilities on a regular basis.

Installation

npm i -g npm-audit-to-issue

Configuration

To interactively generate an environment variable:

npm-audit-to-issue

Once the environment variable is set, the same command will audit the npm package in the current directory, and create and maintain an issue accordingly.
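What "create and maintain an issue" can mean in practice, as an added sketch that is not npm-audit-to-issue's own code. It assumes the npm 7+ `npm audit --json` report shape; the function names, the issue title and the sample package names are hypothetical.

```javascript
// Added illustration, not npm-audit-to-issue's source. Assumes the npm 7+
// `npm audit --json` report shape (auditReportVersion 2).
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Constructed sample report, trimmed to the fields used below.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-http': { name: 'example-http', severity: 'moderate',
      isDirect: true, range: '<=1.4.2', fixAvailable: false },
    'example-parser': { name: 'example-parser', severity: 'high',
      isDirect: false, range: '<2.1.0', fixAvailable: true },
  },
};

// Render a deterministic body (sorted by severity, then name) so that an
// unchanged audit result produces a byte-identical issue body.
function renderBody(report) {
  return Object.values(report.vulnerabilities || {})
    .sort((a, b) =>
      SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity) ||
      a.name.localeCompare(b.name))
    .map((v) => `- [${v.severity}] ${v.name} ${v.range} ` +
      `(${v.isDirect ? 'direct' : 'transitive'}, ` +
      `fix available: ${v.fixAvailable ? 'yes' : 'no'})`)
    .join('\n');
}

// Decide what to do with the tracking issue. `openIssue` is the currently open
// tracking issue ({ number, body }) or null; looking it up is out of scope here.
function planIssueAction(report, openIssue) {
  const count = Object.keys(report.vulnerabilities || {}).length;
  if (count === 0) {
    // Audit is clean: close a stale issue, otherwise stay silent.
    return openIssue ? { action: 'close', number: openIssue.number }
                     : { action: 'none' };
  }
  const title = `npm audit: ${count} vulnerable package(s)`; // hypothetical title
  const body = renderBody(report);
  if (!openIssue) return { action: 'create', title, body };
  // Avoid notification noise on every cron run when nothing changed.
  if (openIssue.body === body) return { action: 'none' };
  return { action: 'update', number: openIssue.number, title, body };
}
```
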

Example CI script

The following commands can be used with an Alpine Docker image. They assume the NPM_AUDIT_TO_ISSUE environment variable is set.

apk add nodejs npm
npm config set unsafe-perm true
npm install --global npm-audit-to-issue
npm-audit-to-issue

License

ISC