Nsp

nsp, a.k.a. the Node Security Project

Check whether your Node.js projects depend on packages with publicly known vulnerabilities, using the NSP database.

Install it: npm install -g nsp

Usage:

nmotw.in> nsp

Usage: [command] --arg=value --arg2

Help:
  help              Show help menu
  [cmd] help        Show command help menu

Options:
  version           shows the current version of nsp
  shrinkwrap        alias to audit-shrinkwrap
  audit-shrinkwrap  audits your `npm shrinkwrap` against NSP db
  package           alias to audit-package
  audit-package     audits your package.json against NSP db

nmotw.in> cat package.json
{
  "name": "test",
  "version": "0.0.1",
  "author": "Node Security Project",
  "dependencies": {
    "node-print": "0.0.4",
    "request": "^2.40.0",
    "qs": "^0.5"
  }
}

nmotw.in> nsp package
Name  Installed  Patched  Vulnerable Dependency
qs      0.5.6     >= 1.x  test@0.0.1 > qs@0.5.6

Auditing an npm shrinkwrap works the same way, using the shrinkwrap command.
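The table printed by nsp package above can be turned into structured findings for a build gate. This is an added example, not part of the original post or of nsp itself; it assumes columns are separated by two or more spaces as in the sample output and that a clean run prints no table, and parseNspReport and exitCodeFor are hypothetical names.

```javascript
// Constructed input: the two table lines from the `nsp package` run shown above.
const SAMPLE_OUTPUT = [
  'Name  Installed  Patched  Vulnerable Dependency',
  'qs      0.5.6     >= 1.x  test@0.0.1 > qs@0.5.6',
].join('\n');

const HEADER = ['Name', 'Installed', 'Patched', 'Vulnerable Dependency'];

// Assumption: columns are separated by two or more spaces, as in the sample.
function splitColumns(line) {
  return line.trim().split(/\s{2,}/);
}

// Parse the report into findings. Throws on rows it cannot parse so a build
// gate fails closed instead of treating garbled output as "no findings".
function parseNspReport(text) {
  const lines = text.split('\n').filter((l) => l.trim() !== '');
  if (lines.length === 0) return []; // assumption: a clean run prints no table
  if (splitColumns(lines[0]).join('|') !== HEADER.join('|')) {
    throw new Error('unexpected report header: ' + lines[0]);
  }
  return lines.slice(1).map((line) => {
    const cols = splitColumns(line);
    if (cols.length !== HEADER.length) {
      throw new Error('unparseable row: ' + line);
    }
    const [name, installed, patched, chain] = cols;
    const path = chain.split(' > '); // root package first, vulnerable one last
    return {
      name, installed, patched, path,
      // Two entries means root > dependency, i.e. declared in package.json.
      direct: path.length === 2,
    };
  });
}

// Hypothetical gate helper: exit code for a build step (1 = findings present).
function exitCodeFor(findings) {
  return findings.length > 0 ? 1 : 0;
}

const findings = parseNspReport(SAMPLE_OUTPUT);
console.log(JSON.stringify(findings, null, 2), 'exit', exitCodeFor(findings));
```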

Thanks to nodesecurity for making security easy!
