owdit
Audits nodejs dependencies for known vulnerabilities.
Introduction
Installation
> npm install -g owdit
owdit
should preferably be installed globally.
Usage
Command-line Usage
> owdit
When run from the command line, owdit
will inspect the dependencies listed in package.json
sitting in the current directory and will recursively audit the found dependencies.
When vulnerabilities are found, owdit
prints out a pretty-formatted report.
The exit code of owdit
is the number of found vulnerabilities or -1 on error.
Ignoring vulnerabilities in specific packages
When desirable, one can specify packages with or without a version number to be excluded from owdit's check in a .owditrc
file in the same folder as package.json
:
Vulnerabilities in packages foo
and bar
will be ignored. Vulnerabilities in baz
will get reported but won't make owdit's check fail (i.e. contribute to a non-zero exit code).
Programmatic Usage
const owdit = ;const util = ; owdit
Credits
This work was inspired by: