tessl/npm-nsp

Command line interface for the Node Security Platform to scan Node.js projects for known security vulnerabilities

Workspace: tessl
Visibility: Public
Describes: npmpkg:npm/nsp@2.8.x

To install, run

npx @tessl/cli install tessl/npm-nsp@2.8.0


NSP (Node Security Platform CLI)

The Node Security Platform CLI is a command-line tool and Node.js library for scanning Node.js projects for known security vulnerabilities. It identifies vulnerable dependencies by checking package.json, npm-shrinkwrap.json, and package-lock.json files against the Node Security database, providing multiple output formats and supporting both online and offline modes.

Package Information

  • Package Name: nsp
  • Package Type: npm
  • Language: JavaScript (Node.js)
  • Installation: npm install -g nsp

Core Imports

const nsp = require('nsp');
const { check, formatters, getFormatter } = require('nsp');

Basic Usage

Command Line Interface

# Check current project for vulnerabilities
nsp check

# Check with specific output format
nsp check --output json

# Check in offline mode
nsp check --offline --advisoriesPath ./advisories.json

# Show help
nsp --help

Library API

const nsp = require('nsp');

// Check a project programmatically
nsp.check({
  package: './package.json',
  shrinkwrap: './npm-shrinkwrap.json'
}, function(err, results) {
  if (err) {
    console.error('Error:', err);
    return;
  }
  
  if (results.length > 0) {
    console.log('Found', results.length, 'vulnerabilities');
    results.forEach(vuln => {
      console.log(`${vuln.module}@${vuln.version}: ${vuln.title}`);
    });
  } else {
    console.log('No vulnerabilities found');
  }
});

Architecture

NSP is built around several key components:

  • CLI Interface: Command-line interface using the subcommand library for routing commands
  • Check Engine: Core vulnerability scanning logic that processes package dependencies
  • Output Formatters: Multiple output formats for different use cases (default, json, summary, etc.)
  • Configuration System: Support for .nsprc configuration files and environment variables
  • Offline Mode: Capability to work with local advisory databases without internet access

Capabilities

Command Line Interface

Complete command-line interface for vulnerability scanning with multiple commands and output options.

// CLI commands available via bin/nsp
// Root command: nsp [--version] [--help]
// Check command: nsp check [options]


Library API

Programmatic interface for integrating vulnerability scanning into Node.js applications.

function check(options, callback);
function getFormatter(name);

interface CheckOptions {
  package?: string | object;
  shrinkwrap?: string | object;
  packagelock?: string | object;  
  exceptions?: string[];
  offline?: boolean;
  advisoriesPath?: string;
  proxy?: string;
}


Output Formatters

Multiple built-in formatters for displaying vulnerability results in different formats.

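// Signatures only; bodies omitted. Each formatter returns a formatted string.
const formatters = {
  default: function (err, data, pkgPath) { /* ... */ },
  summary: function (err, data, pkgPath) { /* ... */ },
  json: function (err, data, pkgPath) { /* ... */ },
  codeclimate: function (err, data, pkgPath) { /* ... */ },
  none: function (err, data, pkgPath) { /* ... */ },
  quiet: function (err, data, pkgPath) { /* ... */ }
};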


Configuration

Configuration system supporting .nsprc files and environment variables for proxy settings and exceptions.

// Configuration options in .nsprc
interface NSPConfig {
  exceptions?: string[];
  proxy?: string;
  advisoriesPath?: string;
}


Types

interface VulnerabilityResult {
  module: string;
  version: string;
  vulnerable_versions: string;
  patched_versions: string;
  title: string;
  path: string[];
  advisory: string;
  cvss_score?: number;
}

interface CheckCallback {
  (err: Error | null, results: VulnerabilityResult[]): void;
}

interface FormatterFunction {
  (err: Error | null, data: VulnerabilityResult[], pkgPath: string): string;
}
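
The following is an added example, not code from nsp or from this page: a build gate over the VulnerabilityResult[] array that the check callback receives. The helper names (mk, gate), the sample data, the advisories.example URLs and the 7.0 threshold are constructed; it assumes exceptions are matched against the advisory field and that one advisory can be reported once per dependency path.

```javascript
'use strict';

// Constructed sample data in the VulnerabilityResult shape; not real advisories.
const mk = (module, version, path, id, cvss_score) => ({
  module, version, path, cvss_score,
  vulnerable_versions: '<9.9.9', patched_versions: '>=9.9.9',
  title: `Constructed finding ${id}`,
  advisory: `https://advisories.example/${id}`,
});
const sampleResults = [
  mk('alpha-lib', '1.0.0', ['app@1.0.0', 'alpha-lib@1.0.0'], 101, 7.5),
  mk('alpha-lib', '1.0.0', ['app@1.0.0', 'web-kit@2.0.0', 'alpha-lib@1.0.0'], 101, 7.5),
  mk('beta-util', '0.3.1', ['app@1.0.0', 'beta-util@0.3.1'], 102, 3.1),
  mk('gamma-io', '2.4.0', ['app@1.0.0', 'gamma-io@2.4.0'], 103), // no cvss_score
  mk('delta-fmt', '5.0.0', ['app@1.0.0', 'delta-fmt@5.0.0'], 104, 9.8),
];

// Hypothetical helper: decide whether a build should fail on these results.
function gate(results, { minCvss = 7.0, exceptions = [] } = {}) {
  const excepted = new Set(exceptions);
  const byFinding = new Map();
  for (const r of results) {
    if (excepted.has(r.advisory)) continue; // reviewed and accepted
    // Collapse the same advisory reached through several dependency paths.
    const key = `${r.module}@${r.version}|${r.advisory}`;
    const entry = byFinding.get(key) || {
      module: r.module, version: r.version, advisory: r.advisory,
      title: r.title, score: r.cvss_score, paths: [],
    };
    entry.paths.push(r.path.join(' > '));
    byFinding.set(key, entry);
  }
  const findings = [...byFinding.values()];
  // cvss_score is optional: an unscored finding blocks rather than slipping through.
  const blocking = findings.filter(
    (f) => typeof f.score !== 'number' || f.score >= minCvss
  );
  return { findings, blocking, exitCode: blocking.length > 0 ? 1 : 0 };
}

// Wiring to the documented API would look like:
//   nsp.check(opts, (err, results) => process.exit(err ? 2 : gate(results).exitCode));
const demo = gate(sampleResults, { exceptions: ['https://advisories.example/104'] });
for (const f of demo.blocking) {
  console.log(`${f.module}@${f.version} [${f.score ?? 'unscored'}] via ${f.paths.length} path(s)`);
}
```

Treating a scan error as its own exit code (2 in the comment) keeps a failed or offline lookup from being read as a clean result.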