npmpackage.info

Gathering detailed insights and metrics for gulp-nsp

gulp-nsp - 3.0.1 | npmpackage.info

gulp-nsp

3.0.1

NOASSERTION

JavaScript

1.7

Installations

npm install gulp-nsp

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

8.9.4

NPM Version

5.6.0 Pull Requests

Open

0

Total

26

Closed

9

Merged

17

Issues

Open

2

Total

19

Closed

17

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

nodesecurity

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

NOASSERTION License

40 Stars

108 Commits

16 Forks

9 Watchers

2 Branches

10 Contributors

Updated on Jan 30, 2025

Maintainers

View All 10 Contributors

Package Meta Information

Latest Version

3.0.1

Package Id

gulp-nsp@3.0.1

Size

3.18 kB

NPM Version

5.6.0

Node Version

8.9.4

Published on

Feb 15, 2018

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

fancy-log nsp plugin-error

Dev Dependencies

eslint eslint-config-nodesecurity eslint-plugin-hapi gulp

gulp-nsp

Installation

To install the gulp-nsp module into your project simply run

1npm install gulp-nsp --save

Usage

Then in your gulpfile, add the following task.

1var gulpNSP = require('gulp-nsp');
2
3//To check your project
4gulp.task('nsp', function (cb) {
5  gulpNSP({package: __dirname + '/package.json'}, cb);
6});

1//If you're using a shrinkwrap file, pass both the shrinkwrap and the package.json
2gulp.task('nsp', function (cb) {
3  gulpNSP({
4    shrinkwrap: __dirname + '/npm-shrinkwrap.json',
5    package: __dirname + '/package.json'
6  }, cb);
7});

Options

stopOnError

If you don't want to stop your gulp flow if some vulnerabilities have been found use the stopOnError option:

1gulp.task('nsp', function (cb) {
2  gulpNSP({
3    package: __dirname + '/package.json',
4    stopOnError: false
5  }, cb);
6});

output

If you want to use an alternative output reporter provided by nsp use the output option.

1gulp.task('nsp', function (cb) {
2  gulpNSP({
3    package: __dirname + '/package.json',
4    reporter: 'summary'
5  }, cb);
6});

proxy

If you want to use a proxy you can configure it via this option.

1gulp.task('nsp', function (cb) {
2  gulpNSP({
3    package: __dirname + '/package.json',
4    proxy: 'http://127.0.0.1:8080'
5  }, cb);
6});

Exceptions

The Node Security CLI supports adding exceptions. These are advisories that you have evaluated and personally deemed unimportant for your project. Instructions are available on the nsp cli repository.

License

Copyright (c) 2016 by ^Lift Security

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and
limitations under the License.

Note: the above text describes the license for the code located in this repository only. Usage of this tool or the API this tool accesses implies acceptance of our terms of service.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

43 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-8w4h-3cm3-2pm2
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-8g7p-74h8-hg48
Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.7

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More