Filter the result of the npm audit by the severity level
source link: https://pawelgrzybek.com/filter-the-result-of-the-npm-audit-by-the-severity-level/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Filter the result of the npm audit by the severity level
Published: 2022.09.20 · 2 minutes read
I am not a big fan of how npm audit works, and I am not the only one. The core design is not perfect, and the overall user experience deserves some love.
Let me walk you through a quick real-life example I experienced today, my learnings and a hacky little solution I crafted. First, like many JavaScript developers do thousands of times a day, I typed npm i
in my terminal and went away to brew a coffee. Then, I came back to this.
9 vulnerabilities (2 low, 5 moderate, 2 high, 0 critical)
Classic! I wondered what these two highly vulnerable packages are, so I typed npm audit --audit-level=high
to see a miles-long list of all vulnerabilities in the output. Lesson learnt! The --audit-level
flag does not filter the result but specifies the minimum severity level for npm audit to exit with a non-zero exit code. This flag is helpful when running on the pipeline but not so much to consume the results.
npm audit --log-level=high
$?
1
npm audit --log-level=critical
$?
0
The $?
allows us to preview the exit code of a previous command. A handy little trick, but I still wanted to see only high severity vulnerabilities. So I spent 14 seconds googling around, but I couldn’t find anything that worked as I expected. So I spent another 14 seconds and came out with this snippet.
npm audit --json | node -e 'const fs = require("fs"); const auditLevel = (process.argv[1] || "critical").toLowerCase(); const { vulnerabilities } = JSON.parse(fs.readFileSync(0).toString("utf-8")); const result = Object.values(vulnerabilities).filter((i) => i.severity.toLowerCase() === auditLevel); console.table(JSON.stringify(result, null, 2));' high
Maybe not the most elegant, perhaps not the most efficient, but it works just fine. If you are a grep
wizard, drop a comment below. I will be happy to see your solution.
Thanks for reading, and until next time, stay safe 👋
Leave a comment
Name:
Website (optional):
Twitter (optional):
GitHub (optional):
Comment:
👆 you can use Markdown here
Save my data for the next time I comment
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK