Audits nodejs dependencies for known vulnerabilities.
> npm install -g owdit
owdit should preferably be installed globally.
When run from the command line,
owdit will inspect the dependencies listed in
package.json sitting in the current directory and will recursively audit the found dependencies.
When vulnerabilities are found,
owdit prints out a pretty-formatted report.
The exit code of
owdit is the number of found vulnerabilities or -1 on error.
When desirable, one can specify packages with or without a version number to be excluded from owdit's check in a
.owditrc file in the same folder as
Vulnerabilities in packages
bar will be ignored. Vulnerabilities in
baz will get reported but won't make owdit's check fail (i.e. contribute to a non-zero exit code).
const owdit = ;const util = ;owdit
This work was inspired by: