Noble
The NPM proxy and node.js dependency reporter.
Noble is a server-side API that exposes several methods to proxy an npm CORS request, or to resolve all of a node module's dependencies, check them against a database of security advisories and report the result. It was written out of the need to work with the npm API to resolve dependencies and perform vulnerability scans, then collect everything into an Excel report.
Installation:
npm install -g noble-server
Fire it up
noble-server
Keep it running in the background (hint: you'll need the forever package, installed with npm install -g forever).
forever start noble-server
API Methods:
- Retrieve
- Resolve
- Report
Retrieve
Use it like npm: without a version you get all published versions.
http://localhost:6901/retrieve/ionic
Or add a specific version as a query parameter (unlike npm):
http://localhost:6901/retrieve/ionic?version=latest
http://localhost:6901/retrieve/ionic?version=1.3.16
Output:
Resolve
Resolve all of the module's dependencies, perform a vulnerability scan against the advisory database and output a report.
http://localhost:6901/resolve/forever
Or add a specific version as a query parameter (unlike npm):
http://localhost:6901/resolve/forever?version=latest
http://localhost:6901/resolve/forever?version=0.14.1
Output:
A node.js module with some security issues:
Report
Download a previously generated report (you must already have run resolve for that module). The report URL is generated by resolve and returned in its JSON response.
http://localhost:6901/report/forever.xlsx
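The three endpoints above take a package name in the URL path and an optional version as a query parameter. The helper below, an added example that is not part of the noble-server project, builds those URLs from untrusted input (validating the package name and version before they reach the path, so values such as "../report" or "ionic?version=x" are rejected) and mirrors the retrieve semantics on a packument: no version returns every version, a dist-tag such as "latest" resolves to a version, an exact version returns itself. It assumes the server is listening on http://localhost:6901 and that retrieve returns the npm registry packument (the document with "dist-tags" and "versions") unchanged; neither is stated on the page. The packument it runs against is constructed, not real registry data.

```javascript
// Added example, not code from the noble-server project: a small client helper
// for the retrieve / resolve / report endpoints.
// Assumptions (not stated on the page): the server listens on
// http://localhost:6901, and retrieve returns the npm registry packument
// (the document with "dist-tags" and "versions") unchanged.
const BASE_URL = 'http://localhost:6901';

// Validate a package name before interpolating it into a URL path, following
// npm's own naming rules (at most 214 chars, lowercase, URL-safe, no leading
// '.' or '_', optional @scope/ prefix). This keeps values like "../report" or
// "ionic?version=x" out of the path we send to the proxy.
function isValidPackageName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 214) return false;
  const m = /^(?:@([^/]+)\/)?([^/]+)$/.exec(name);
  if (!m) return false;
  const parts = m[1] === undefined ? [m[2]] : [m[1], m[2]];
  return parts.every(p =>
    !p.startsWith('.') && !p.startsWith('_') &&
    p === p.toLowerCase() &&
    p === encodeURIComponent(p)); // rejects anything that needs escaping ('?', '#', ' ', ...)
}

// The version parameter is either a semver version or a dist-tag ("latest", "next").
const SEMVER = /^\d+\.\d+\.\d+(?:-[0-9a-z.-]+)?(?:\+[0-9a-z.-]+)?$/i;
const DIST_TAG = /^[a-z][a-z0-9.-]*$/;
function isValidVersion(v) {
  return typeof v === 'string' && (SEMVER.test(v) || DIST_TAG.test(v));
}

// Build a retrieve or resolve URL. The report URL is not built here: per the
// README it is returned in the JSON response of resolve, so use that value.
function buildUrl(method, name, version) {
  if (method !== 'retrieve' && method !== 'resolve') throw new Error(`unknown method: ${method}`);
  if (!isValidPackageName(name)) throw new Error(`invalid package name: ${name}`);
  // Scoped names are sent as @scope%2Fname, the way the npm registry expects them;
  // whether noble-server's route accepts scoped names is not stated on the page.
  const pathName = name.startsWith('@') ? name.replace('/', '%2F') : name;
  let url = `${BASE_URL}/${method}/${pathName}`;
  if (version !== undefined) {
    if (!isValidVersion(version)) throw new Error(`invalid version: ${version}`);
    url += `?version=${encodeURIComponent(version)}`;
  }
  return url;
}

// Mirror the retrieve semantics on a packument: no version -> every published
// version; a dist-tag -> the version it points at; an exact version -> itself.
// Returns null when the requested version or tag does not exist.
function selectVersion(packument, version) {
  const versions = Object.keys(packument.versions || {});
  if (version === undefined) return versions;
  const tags = packument['dist-tags'] || {};
  const resolved = SEMVER.test(version) ? version : tags[version];
  return resolved !== undefined && versions.includes(resolved) ? resolved : null;
}

// Live call against a running noble-server (Node 18+ global fetch). Not run
// here because it needs the server; example: retrieve('forever', 'latest').
async function retrieve(name, version) {
  const res = await fetch(buildUrl('retrieve', name, version));
  if (!res.ok) throw new Error(`noble-server returned HTTP ${res.status}`);
  return res.json();
}

// Constructed sample packument (not real registry data) for offline use.
const SAMPLE_PACKUMENT = {
  name: 'forever',
  'dist-tags': { latest: '0.14.1' },
  versions: {
    '0.14.0': { name: 'forever', version: '0.14.0' },
    '0.14.1': { name: 'forever', version: '0.14.1' },
  },
};

console.log(buildUrl('retrieve', 'ionic'));              // http://localhost:6901/retrieve/ionic
console.log(buildUrl('resolve', 'forever', '0.14.1'));  // http://localhost:6901/resolve/forever?version=0.14.1
console.log(selectVersion(SAMPLE_PACKUMENT));           // [ '0.14.0', '0.14.1' ]
console.log(selectVersion(SAMPLE_PACKUMENT, 'latest')); // 0.14.1
```

The name check matters because the proxy forwards whatever it is given to the npm registry: rejecting names and versions that are not valid npm identifiers before they reach the path is cheaper than auditing every route for traversal or query-string smuggling afterwards.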
What's next?
There is still quite a lot of work to be done. Currently this program is only useful as an API and needs to be refactored to also work as a command-line utility. Reporting is limited to the returned JSON and an Excel report; it would be nice to pick your flavour (XML, CSV, etc.).
Contributing
I welcome all contributors to this project. Please fork it, make your changes and submit a pull request.
Props
To nodesecurity for providing the ability to check their database of security advisories, and to the other open source projects I've used to build the capabilities this program provides.
License
MIT.