
tessl/npm-nsp

Command line interface for the Node Security Platform to scan Node.js projects for known security vulnerabilities


CLI Interface

The NSP CLI provides command-line access to vulnerability scanning functionality with multiple commands and output options.

Capabilities

Installation and Global Usage

Install NSP globally to use the command-line interface.

# Install globally
npm install -g nsp

# Basic usage
nsp [command] [options]

Root Command

The root command provides version information and help.

# Show version
nsp --version
nsp -v

# Show help  
nsp --help
nsp -h

Check Command

The main command for scanning projects for vulnerabilities.

# Basic vulnerability check
nsp check

# Check with options
nsp check [--output format] [--offline] [--advisoriesPath path] [--warn-only] [--quiet] [--path dir] [--help]

Command Options:

  • --output, -o - Output format (default, summary, json, codeclimate, none, quiet, or custom formatter)
  • --offline - Use offline mode (requires npm-shrinkwrap.json and local advisories)
  • --advisoriesPath - Path to local advisories file for offline mode
  • --warn-only - Exit with code 0 even when vulnerabilities are found
  • --quiet - Suppress output except for errors
  • --path, -p - Directory path to check (defaults to current directory)
  • --help, -h - Show command help

Output Formats:

  • default - Colorized table format with detailed vulnerability information
  • summary - Simplified table showing key fields only
  • json - Raw JSON output of vulnerability data
  • codeclimate - Code Climate compatible JSON format
  • none - Suppress all output
  • quiet - Minimal output for CI/CD environments

Usage Examples:

# Check current project with default output
nsp check

# Check with JSON output  
nsp check --output json

# Check with summary table
nsp check --output summary

# Check in offline mode
nsp check --offline --advisoriesPath ./advisories.json

# Check specific directory
nsp check --path /path/to/project

# Check with custom formatter (requires nsp-formatter-* package)
npm install -g nsp-formatter-checkstyle
nsp check --output checkstyle

# Warn only mode (don't fail CI builds)
nsp check --warn-only

Exit Codes

The CLI returns different exit codes based on results:

# Exit code 0: No vulnerabilities found or --warn-only flag used
# Exit code 1: Vulnerabilities found or error occurred
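
Because exit code 1 covers both "vulnerabilities found" and "error occurred", a CI job that only tests the exit code cannot tell a real finding from a failed scan. The wrapper below is an added example, not part of nsp or of the original documentation; it assumes that `--output json` prints a JSON array with one object per finding, and the script name `nsp-gate.js` is hypothetical.

```javascript
// Added example (not part of nsp): CI gate that separates "vulnerabilities
// found" from "scan failed", since `nsp check` exits 1 for both.
// Assumption: `--output json` prints a JSON array with one object per finding.

// Classify one `nsp check --output json` run from its exit code and stdout.
function classify(exitCode, stdout) {
  if (exitCode === 0) return { status: 'clean', findings: [] };
  let parsed;
  try {
    parsed = JSON.parse(stdout);
  } catch (e) {
    // Non-zero exit without parseable JSON: the scan itself failed.
    return { status: 'error', findings: [] };
  }
  if (Array.isArray(parsed) && parsed.length > 0) {
    return { status: 'vulnerable', findings: parsed };
  }
  // Non-zero exit but nothing reported: treat as a failure, never as a pass.
  return { status: 'error', findings: [] };
}

// Map the classification to distinct exit codes for the pipeline.
function exitCodeFor(status) {
  return { clean: 0, vulnerable: 1, error: 2 }[status];
}

// Run nsp against a project directory and classify the result.
function runCheck(dir) {
  const { spawnSync } = require('child_process');
  const res = spawnSync('nsp', ['check', '--output', 'json', '--path', dir],
    { encoding: 'utf8' });
  // res.status is null if nsp could not be started or was killed by a signal.
  if (res.error || res.status === null) return { status: 'error', findings: [] };
  return classify(res.status, res.stdout);
}

// Usage: node nsp-gate.js /path/to/project
if (process.argv[2]) {
  const result = runCheck(process.argv[2]);
  console.error(`nsp: ${result.status}, ${result.findings.length} finding(s)`);
  process.exit(exitCodeFor(result.status));
}
```

The pipeline can then fail the build on exit code 1 and raise a separate alert on exit code 2, so a broken scan is never read as a clean one.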

Global Options

Options available for all commands:

# Available for all commands
--path, -p <directory>    # Directory to check (default: current directory)
--help, -h               # Show help for command
--output, -o <format>    # Output format (default: default formatter)

Environment Variables

Environment variables that affect CLI behavior:

# Proxy configuration
HTTPS_PROXY=http://proxy.example.com:8080 nsp check
https_proxy=http://proxy.example.com:8080 nsp check

Configuration Files

The CLI respects .nsprc configuration files:

# .nsprc in project root or home directory
{
  "exceptions": ["https://nodesecurity.io/advisories/123"],
  "proxy": "http://proxy.example.com:8080",
  "advisoriesPath": "/path/to/advisories.json"
}

Offline Mode Setup

Setting up offline mode requires downloading the advisory database:

# Download advisory database
npm run setup-offline

# Use offline mode (requires npm-shrinkwrap.json)
nsp check --offline

Integration Examples

Common integration patterns:

# CI/CD pipeline integration
nsp check --output json > security-report.json

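# Git pre-commit hook (reports findings without blocking the commit;
# --warn-only is omitted because it forces exit code 0, so the message would never print)
nsp check || echo "Security warnings found"

# Docker container scanning
docker run -v "$(pwd)":/app -w /app node:alpine sh -c "npm install -g nsp && nsp check"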

Install with Tessl CLI

npx tessl i tessl/npm-nsp
