patchsecurityscanner

1.0.3 • Public • Published

🔐 A CLI tool to detect vulnerabilities in npm patch versions before installation.

🚨 Why?

Running npm install with a ^ or ~ range installs the newest published version that satisfies the range, so you can end up with a patch release (or, with ^, a new minor release) you never explicitly asked for. If that release carries a known vulnerability, you do not find out until it is already sitting in node_modules. A committed package-lock.json pins exact versions, so the gap is widest when the lockfile is absent or stale, or when a new dependency is being added.

This tool resolves the exact version first and checks it against known advisories, so you can stop before the install rather than after it.

🛠 Features

  • 📦 Resolves the exact version that a given range would install
  • 🕵️ Checks that version for known vulnerabilities via the OSV.dev database
  • ✅ Flags a risky install before it happens, instead of after a debugging session

🚀 Usage

npx patchsecurityscanner lodash@^4.17.21

Safe Output:
✅ Safe packages:
  - lodash@4.17.21

If vulnerable:
❌ Vulnerabilities found:
  - lodash@4.17.20
    CVE-2021-23337: Prototype 
    
To scan every dependency range declared in your package.json before installing, run:
npx patchsecurityscanner preinstall
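The two steps the feature list describes, written out as an added example (this is not the patchsecurityscanner source): resolve the exact version a ^ or ~ range would install, build the OSV.dev query for that exact version, and turn the answer into the report layout shown above. The registry listing, the OSV-shaped response and every helper name are constructed for the demo; only the request shape (POST https://api.osv.dev/v1/query with a package/version body) follows the real OSV API.

```javascript
// Added example, not the package's own code. Two steps: resolve the exact
// version a ^/~ range installs, then query OSV.dev for that version.
// Constructed for the demo: the "published" version list, the OSV-shaped
// response, and all helper names below.

const OSV_QUERY_URL = 'https://api.osv.dev/v1/query';

// "MAJOR.MINOR.PATCH" -> [major, minor, patch]; pre-release tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Minimal range check: exact, ~ (same major.minor) and ^ (same major; for
// 0.x, same minor). Covers what package.json usually carries; a real tool
// would use the semver package for the full grammar.
function satisfies(version, range) {
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = op ? range.slice(1) : range;
  const cmp = compareVersions(version, base);
  if (op === '') return cmp === 0;
  if (cmp < 0) return false;
  const [vMaj, vMin] = parseVersion(version);
  const [bMaj, bMin] = parseVersion(base);
  if (op === '~') return vMaj === bMaj && vMin === bMin;
  return bMaj === 0 ? vMaj === 0 && vMin === bMin : vMaj === bMaj;
}

// Highest published version inside the range: what `npm install` picks when
// no lockfile pins the dependency. null when nothing matches.
function resolveRange(range, published) {
  const ok = published.filter(v => satisfies(v, range)).sort(compareVersions);
  return ok.length ? ok[ok.length - 1] : null;
}

// Request body for OSV's query endpoint (documented shape).
function osvQuery(name, version) {
  return { version, package: { name, ecosystem: 'npm' } };
}

// Live lookup; the offline demo below substitutes a constructed answer.
async function osvLookup(query) {
  const res = await fetch(OSV_QUERY_URL, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(query),
  });
  if (!res.ok) throw new Error(`OSV query failed: HTTP ${res.status}`);
  return res.json();
}

// Scan one "name@range" spec. A range that resolves to nothing is reported
// as unsafe rather than silently skipped (fail closed).
function scan(spec, published, lookup) {
  const at = spec.lastIndexOf('@'); // also handles @scope/name@range
  const name = spec.slice(0, at), range = spec.slice(at + 1);
  const version = resolveRange(range, published);
  if (version === null) {
    return { package: spec, safe: false, vulns: [], error: 'no published version satisfies range' };
  }
  const vulns = (lookup(osvQuery(name, version)).vulns || []).map(v => ({
    id: v.id, aliases: v.aliases || [], summary: v.summary || '',
  }));
  return { package: `${name}@${version}`, safe: vulns.length === 0, vulns };
}

// The `preinstall` idea: every range in a package.json object, through scan().
function scanDependencies(pkg, registry, lookup) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.entries(deps).map(([name, range]) =>
    scan(`${name}@${range}`, registry[name] || [], lookup));
}

// Report in the layout the README shows.
function formatReport(results) {
  const safe = results.filter(r => r.safe), bad = results.filter(r => !r.safe);
  const lines = [];
  if (safe.length) lines.push('✅ Safe packages:', ...safe.map(r => `  - ${r.package}`));
  if (bad.length) {
    lines.push('❌ Vulnerabilities found:');
    for (const r of bad) {
      lines.push(`  - ${r.package}${r.error ? ` (${r.error})` : ''}`);
      for (const v of r.vulns) {
        const cve = v.aliases.find(a => a.startsWith('CVE-')) || v.id;
        lines.push(`    ${cve}: ${v.summary}`);
      }
    }
  }
  return lines.join('\n');
}

// Constructed sample data: a pretend registry listing and a pretend OSV answer
// for lodash@4.17.20 (OSV response shape; the entry mirrors the README example).
const SAMPLE_REGISTRY = { lodash: ['4.17.15', '4.17.19', '4.17.20', '4.17.21'] };
const SAMPLE_OSV = {
  'lodash@4.17.20': { vulns: [{ id: 'GHSA-35jh-r3h4-6jhm', aliases: ['CVE-2021-23337'], summary: 'Command Injection in lodash' }] },
};
const sampleLookup = q => SAMPLE_OSV[`${q.package.name}@${q.version}`] || { vulns: [] };

console.log(formatReport([
  scan('lodash@^4.17.21', SAMPLE_REGISTRY.lodash, sampleLookup),
  scan('lodash@4.17.20', SAMPLE_REGISTRY.lodash, sampleLookup),
]));
```

Two design points worth keeping in any real implementation: resolve against the same registry and the same lockfile state that npm will use (otherwise the scanner checks a version that never gets installed), and treat "no version satisfies the range" as a failure rather than a clean result, since a spec that cannot resolve is exactly the case where a typo or a removed package is about to pull in something unexpected.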

Package Sidebar

Install: npm i patchsecurityscanner
Version: 1.0.3
License: MIT
Unpacked Size: 10.9 kB
Total Files: 8
Weekly Downloads: 17
Collaborators: sunilkumardev42