npmpackage.info

yarn-audit-html

Generate a HTML report for Yarn Audit

7.3.2

MIT

TypeScript

Installations

npm install yarn-audit-html

Score

57.6

Supply Chain

91.4

Quality

75.9

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

8

Total

134

Closed

100

Merged

26

Issues

Open

3

Total

16

Closed

13

Releases

Release v7.3.1

v7.3.1

Published on 30 Jul 2023

Release v7.3.0

v7.3.0

Published on 30 Jul 2023

Release v7.2.1-rc.0

v7.2.1-rc.0

Published on 20 May 2023

Release v7.2.0

v7.2.0

Published on 17 May 2023

Release v7.1.1

v7.1.1

Published on 03 May 2023

Release v7.1.0

v7.1.0

Published on 03 May 2023

View all 32 releases

Developer

davityavryan

Developer Guide

BETA

Module System

ESM

Min. Node Version

>=16

Typescript Support

Yes

Node Version

NPM Version

Statistics

29 Stars

184 Commits

13 Forks

2 Watching

10 Branches

6 Contributors

Updated on 27 Sept 2024

Languages

TypeScript (54.66%)

EJS (32.77%)

JavaScript (12.38%)

Shell (0.19%)

Total Downloads

Cumulative downloads

Total Downloads

1,901,347

Last day

5.1%

1,867

Compared to previous day

Last week

4.5%

10,269

Compared to previous week

Last month

10%

43,417

Compared to previous month

Last year

4.9%

522,597

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

yarn-audit-html

Generate a HTML report for Yarn Audit

Install

1yarn add -D yarn-audit-html
2# or globally
3yarn global add yarn-audit-html

Usage

To generate a report, run the following:

Yarn V1

1yarn audit --json | yarn yarn-audit-html

Yarn V2+

1yarn npm audit --json | yarn yarn-audit-html

By default, unique vulnerability list will be generated (Grouped by MODULE_NAME, VERSION, VULNERABLE_VERSIONS, ADVISORY_CREATED_DATE and CWE) to yarn-audit.html. This way, even if same version of package has multiple vulnerabilities, they will be counted.

If you want to specify the output file, add the --output option:

1yarn audit --json | yarn yarn-audit-html --output report.html

You can also fully customize the generated report by providing --template option followed by your own EJS template:

1yarn audit --json | yarn yarn-audit-html --template ./my-awesome-template.ejs

There is also a possibility to change default theme(materia) to any of available in Bootswatch with --theme option followed by theme name: p.s. In future major release default template will change to dark theme.

1yarn audit --json | yarn yarn-audit-html --theme darkly

If you'd like the generator to exit with non-zero exit code when vulnerabilities are found, you can add the --fatal-exit-code option:

1yarn audit --json | yarn yarn-audit-html --fatal-exit-code

Inspired by npm-audit-html package.

See changelog here.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

7

SAST

Determines if the project uses static code analysis.

2

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/codeql.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/davityavryan/yarn-audit-html/test.yml/master?enable=pin
Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

3.1

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to yarn-audit-html

audit-ci

7.1.0

Audits NPM, Yarn, and PNPM projects in CI environments

yarn-audit-fix

10.1.0

The missing `yarn audit fix`

improved-yarn-audit

3.0.0

A wrapper around yarn audit that fixes many issues

npm-audit-resolver

3.0.0-RC.0

Aids humans and automation in managing npm audit results

yarn-audit-html

Installations

Score

Pull Requests

8

134

100

26

Issues

3

16

13

Releases

Developer

davityavryan

Developer Guide

ESM

>=16

Yes

Statistics

Languages

Total Downloads

1,901,347

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Optional Dependencies

yarn-audit-html

Generate a HTML report for Yarn Audit

Install

Usage

Yarn V1

Yarn V2+

10

10

10

7

2

0

0

0

0

0

0

0

0

3.1

/10

Other packages similar to yarn-audit-html