tessl/npm-nsp

Command line interface for the Node Security Platform to scan Node.js projects for known security vulnerabilities

Workspace: tessl
Visibility: Public
Describes: npmpkg:npm/nsp@2.8.x

To install, run

npx @tessl/cli install tessl/npm-nsp@2.8.0

# NSP (Node Security Platform CLI)

The Node Security Platform CLI is a command-line tool and Node.js library for scanning Node.js projects for known security vulnerabilities. It identifies vulnerable dependencies by checking package.json, npm-shrinkwrap.json, and package-lock.json files against the Node Security database, providing multiple output formats and supporting both online and offline modes.

## Package Information

- **Package Name**: nsp
- **Package Type**: npm
- **Language**: JavaScript (Node.js)
- **Installation**: `npm install -g nsp`

## Core Imports

```javascript
const nsp = require('nsp');
const { check, formatters, getFormatter } = require('nsp');
```

## Basic Usage

### Command Line Interface

```bash
# Check current project for vulnerabilities
nsp check

# Check with specific output format
nsp check --output json

# Check in offline mode
nsp check --offline --advisoriesPath ./advisories.json

# Show help
nsp --help
```

### Library API

```javascript
const nsp = require('nsp');

// Check a project programmatically
nsp.check({
  package: './package.json',
  shrinkwrap: './npm-shrinkwrap.json'
}, function(err, results) {
  if (err) {
    console.error('Error:', err);
    return;
  }

  if (results.length > 0) {
    console.log('Found', results.length, 'vulnerabilities');
    results.forEach(vuln => {
      console.log(`${vuln.module}@${vuln.version}: ${vuln.title}`);
    });
  } else {
    console.log('No vulnerabilities found');
  }
});
```

## Architecture

NSP is built around several key components:

- **CLI Interface**: Command-line interface using the subcommand library for routing commands
- **Check Engine**: Core vulnerability scanning logic that processes package dependencies
- **Output Formatters**: Multiple output formats for different use cases (default, json, summary, etc.)
- **Configuration System**: Support for .nsprc configuration files and environment variables
- **Offline Mode**: Capability to work with local advisory databases without internet access

## Capabilities

### Command Line Interface

Complete command-line interface for vulnerability scanning with multiple commands and output options.

```javascript { .api }
// CLI commands available via bin/nsp
// Root command: nsp [--version] [--help]
// Check command: nsp check [options]
```

[CLI Interface](./cli.md)

### Library API

Programmatic interface for integrating vulnerability scanning into Node.js applications.

```javascript { .api }
function check(options, callback);
function getFormatter(name);

interface CheckOptions {
  package?: string | object;
  shrinkwrap?: string | object;
  packagelock?: string | object;
  exceptions?: string[];
  offline?: boolean;
  advisoriesPath?: string;
  proxy?: string;
}
```

[Library API](./library.md)

### Output Formatters

Multiple built-in formatters for displaying vulnerability results in different formats.

```javascript { .api }
const formatters = {
  default: function(err, data, pkgPath),
  summary: function(err, data, pkgPath),
  json: function(err, data, pkgPath),
  codeclimate: function(err, data, pkgPath),
  none: function(err, data, pkgPath),
  quiet: function(err, data, pkgPath)
};
```

[Output Formatters](./formatters.md)

### Configuration

Configuration system supporting .nsprc files and environment variables for proxy settings and exceptions.

```javascript { .api }
// Configuration options in .nsprc
interface NSPConfig {
  exceptions?: string[];
  proxy?: string;
  advisoriesPath?: string;
}
```

[Configuration](./configuration.md)

## Types

```javascript { .api }
interface VulnerabilityResult {
  module: string;
  version: string;
  vulnerable_versions: string;
  patched_versions: string;
  title: string;
  path: string[];
  advisory: string;
  cvss_score?: number;
}

interface CheckCallback {
  (err: Error | null, results: VulnerabilityResult[]): void;
}

interface FormatterFunction {
  (err: Error | null, data: VulnerabilityResult[], pkgPath: string): string;
}
```
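
The following is an added example, not code from nsp or from this tile: a CI gate that consumes the `VulnerabilityResult[]` array passed to the `check` callback, merges findings reached through several dependency paths, and fails closed when `cvss_score` is absent. The `gateResults` function, the `minCvss` threshold, the sample data, and the treatment of `exceptions` as advisory URLs matched against the `advisory` field are assumptions.

```javascript
// Added example (not nsp code): CI gate over VulnerabilityResult[] from check().
// SAMPLE_RESULTS is constructed; module names and advisory URLs are placeholders.
const SAMPLE_RESULTS = [
  { module: 'example-parser', version: '1.0.0', title: 'Constructed finding A',
    vulnerable_versions: '<1.2.0', patched_versions: '>=1.2.0', cvss_score: 7.5,
    path: ['app@1.0.0', 'example-parser@1.0.0'],
    advisory: 'https://advisories.example/1' },
  { module: 'example-parser', version: '1.0.0', title: 'Constructed finding A',
    vulnerable_versions: '<1.2.0', patched_versions: '>=1.2.0', cvss_score: 7.5,
    path: ['app@1.0.0', 'example-web@2.0.0', 'example-parser@1.0.0'],
    advisory: 'https://advisories.example/1' },
  { module: 'example-util', version: '0.3.0', title: 'Constructed finding B',
    vulnerable_versions: '<0.4.0', patched_versions: '>=0.4.0', cvss_score: 3.1,
    path: ['app@1.0.0', 'example-util@0.3.0'],
    advisory: 'https://advisories.example/2' },
  { module: 'example-legacy', version: '0.1.0', title: 'Constructed finding C',
    vulnerable_versions: '<=0.1.0', patched_versions: '<0.0.0',
    path: ['app@1.0.0', 'example-legacy@0.1.0'],
    advisory: 'https://advisories.example/3' }            // no cvss_score
];

// minCvss is a hypothetical policy knob; exceptions are assumed to be
// advisory URLs compared against each result's `advisory` field.
function gateResults(results, { minCvss = 7.0, exceptions = [] } = {}) {
  const accepted = new Set(exceptions);
  const byFinding = new Map();
  for (const { path, ...vuln } of results) {
    if (accepted.has(vuln.advisory)) continue;
    // The same advisory can be reached through several dependency paths.
    const key = `${vuln.advisory}|${vuln.module}@${vuln.version}`;
    if (!byFinding.has(key)) byFinding.set(key, { ...vuln, paths: [] });
    byFinding.get(key).paths.push(path.join(' > '));
  }
  const findings = [...byFinding.values()];
  // cvss_score is optional in the result type: treat unscored as blocking.
  const blocking = findings.filter(
    f => typeof f.cvss_score !== 'number' || f.cvss_score >= minCvss);
  return { findings, blocking, exitCode: blocking.length > 0 ? 1 : 0 };
}

// Wiring into the library call (needs nsp installed, so left commented out):
// require('nsp').check({ package: './package.json' }, (err, results) => {
//   process.exitCode = err ? 2 : gateResults(results).exitCode; // errors fail closed
// });
```

Every accepted advisory in `exceptions` is a finding the gate no longer reports, so keep that list short and reviewed.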