nsp

Node Security Project command line tool

command line tools

This package consists in a CLI tool that enables developers or CI tools to check if their Node.js projects are using packages with known and public vulnerable dependencies. The vulnerability database is provided by the Node Security Project

![Gitter](https://badges.gitter.im/Join Chat.svg)

Through npm:

npm i nsp -g

Through GitHub:

git clone git@github.com:nodesecurity/nsp.git
cd nsp
npm link

Usage

nsp audit-shrinkwrap

Takes an existing npm-shrinkwrap.json file and submits it for validation to nodesecurity.io

Example:

$ nsp audit-shrinkwrap
Name     Installed  Patched  Vulnerable Dependency
connect    2.7.5    >=2.8.1  nodesecurity-jobs > kue > express

nsp audit-package

Takes an existing package.json file and submits it for validation to nodesecurity.io

Example:

$ nsp audit-package
Name     Installed  Patched  Vulnerable Dependency
connect    2.7.5    >=2.8.1  nodesecurity-jobs > kue > express