NPM.Audit (NPM v0.6.0)


Security audit for npm packages.

Checks installed packages against known vulnerabilities. This module provides the data structures and analysis logic; the actual advisory data would come from the npm audit API.

Summary

Functions

Checks a lockfile against a list of advisories.

Compares two severity levels. Returns :gt, :lt, or :eq.

Filters findings by minimum severity level.

Checks if a finding has a patch available.

Formats a finding as a human-readable string.

Returns a summary of audit findings.

Types

advisory()

@type advisory() :: %{
  id: non_neg_integer(),
  title: String.t(),
  severity: severity(),
  vulnerable_versions: String.t(),
  patched_versions: String.t() | nil,
  url: String.t() | nil
}

finding()

@type finding() :: %{
  package: String.t(),
  installed_version: String.t(),
  advisory: advisory()
}

severity()

@type severity() :: :critical | :high | :moderate | :low | :info

Functions

check(lockfile, advisories)

@spec check(map(), [advisory()]) :: [finding()]

Checks a lockfile against a list of advisories.

Returns findings: one per installed package whose version falls within an advisory's vulnerable version range.

compare_severity(a, b)

@spec compare_severity(severity(), severity()) :: :gt | :lt | :eq

Compares two severity levels. Returns :gt, :lt, or :eq.

filter_by_severity(findings, min_severity)

@spec filter_by_severity([finding()], severity()) :: [finding()]

Filters findings by minimum severity level.

fixable?(finding)

@spec fixable?(finding()) :: boolean()

Checks if a finding has a patch available.

format_finding(finding)

@spec format_finding(finding()) :: String.t()

Formats a finding as a human-readable string.

summary(findings)

@spec summary([finding()]) :: %{
  total: non_neg_integer(),
  critical: non_neg_integer(),
  high: non_neg_integer(),
  moderate: non_neg_integer(),
  low: non_neg_integer(),
  fixable: non_neg_integer()
}

Returns a summary of audit findings.
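The following is an added, self-contained Elixir illustration of the analysis flow this module documents (check, compare_severity, filter_by_severity, fixable?, format_finding, summary). It is not the project's own code, and it makes three assumptions the page does not state: a lockfile is a plain map of package name to installed version string, each advisory carries an extra :package key naming the affected package (the advisory() type above has no such field, so the real module must match packages some other way), and version ranges are written in Elixir's Version requirement syntax rather than npm's range grammar. All package names and advisories are constructed sample data.

```elixir
defmodule AuditExample do
  # Added illustration of the NPM.Audit analysis logic; not the project's code.
  # Assumptions: lockfile = %{"name" => "x.y.z"}, advisories carry a :package
  # key, and ranges use Elixir Version requirements (not npm's range grammar).

  @severity_rank %{critical: 4, high: 3, moderate: 2, low: 1, info: 0}

  # Compares two severity levels; returns :gt, :lt or :eq.
  def compare_severity(a, b) do
    ra = Map.fetch!(@severity_rank, a)
    rb = Map.fetch!(@severity_rank, b)

    cond do
      ra > rb -> :gt
      ra < rb -> :lt
      true -> :eq
    end
  end

  # One finding per (package, advisory) pair whose installed version lies in the
  # advisory's vulnerable range. A malformed version string makes Version.match?/2
  # raise, so a corrupt lockfile fails the audit loudly instead of passing as safe.
  def check(lockfile, advisories) do
    for {pkg, version} <- lockfile,
        adv <- advisories,
        adv.package == pkg,
        Version.match?(version, adv.vulnerable_versions) do
      %{package: pkg, installed_version: version, advisory: adv}
    end
  end

  # Keeps findings whose severity is at least min_severity.
  def filter_by_severity(findings, min_severity) do
    Enum.filter(findings, fn f ->
      compare_severity(f.advisory.severity, min_severity) != :lt
    end)
  end

  # A finding is fixable when the advisory names patched versions.
  def fixable?(%{advisory: %{patched_versions: nil}}), do: false
  def fixable?(%{advisory: %{patched_versions: _}}), do: true

  def format_finding(%{package: p, installed_version: v, advisory: a}) do
    fix = if a.patched_versions, do: "patched in #{a.patched_versions}", else: "no patch available"
    "[#{a.severity}] #{p}@#{v}: #{a.title} (advisory #{a.id}, #{fix})"
  end

  # Counts per severity plus fixable. The documented summary type has no :info
  # counter, so :info findings are counted in :total only (inference from the type).
  def summary(findings) do
    base = %{total: length(findings), critical: 0, high: 0, moderate: 0, low: 0, fixable: 0}

    Enum.reduce(findings, base, fn f, acc ->
      sev = f.advisory.severity
      acc = if Map.has_key?(acc, sev), do: Map.update!(acc, sev, &(&1 + 1)), else: acc
      if fixable?(f), do: Map.update!(acc, :fixable, &(&1 + 1)), else: acc
    end)
  end

  # Constructed sample data: fictitious packages and advisories.
  def sample_lockfile, do: %{"pkg-a" => "1.1.0", "pkg-b" => "1.2.6", "pkg-c" => "4.1.2"}

  def sample_advisories do
    [
      %{package: "pkg-a", id: 1001, title: "Constructed advisory A", severity: :high,
        vulnerable_versions: "< 1.2.0", patched_versions: ">= 1.2.0", url: nil},
      %{package: "pkg-b", id: 1002, title: "Constructed advisory B", severity: :critical,
        vulnerable_versions: "< 1.2.6", patched_versions: ">= 1.2.6", url: nil},
      %{package: "pkg-c", id: 1003, title: "Constructed advisory C", severity: :info,
        vulnerable_versions: "< 5.0.0", patched_versions: nil, url: nil}
    ]
  end

  def run do
    findings = check(sample_lockfile(), sample_advisories())
    Enum.each(findings, &IO.puts(format_finding(&1)))
    IO.inspect(summary(findings), label: "summary")
    IO.inspect(length(filter_by_severity(findings, :moderate)), label: "at or above moderate")
  end
end
```

Running AuditExample.run/0 yields two findings: pkg-a (1.1.0 is below 1.2.0, high, fixable) and pkg-c (info, no patch); pkg-b is already at the first patched version, so the strict `<` range excludes it. The summary therefore reports total 2, high 1, fixable 1, and filtering at :moderate leaves only the pkg-a finding. Two practical caveats: npm advisories express ranges in semver syntax (e.g. `<1.2.0 || >=2.0.0 <2.1.0`), which needs a dedicated parser rather than Elixir's Version module, and a lockfile can contain the same package at several nested versions, so a production check must walk every installed copy, not one entry per name.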