pkg-vuln-collab-space vs audit-ci

pkg-vuln-collab-space

Project for work on improved Package Vulnerability Management & Reporting (by openjs-foundation)

Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories (by IBM)

Audit Yarn Npm audit-ci Security CI github-actions Pnpm

Source Code

Suggest alternative

Edit details

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App

With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

surveyjs.io

featured

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

pkg-vuln-collab-space		audit-ci
	Project
1	Mentions	1
79	Stars	254
-	Growth	0.0%
0.0	Activity	4.1
almost 2 years ago	Latest Commit	29 days ago
	Language	TypeScript
Apache License 2.0	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

pkg-vuln-collab-space

Posts with mentions or reviews of pkg-vuln-collab-space. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-07.

NPM Audit: Broken by Design
7 projects | news.ycombinator.com | 7 Jul 2021

audit-ci

Posts with mentions or reviews of audit-ci. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-07.

NPM Audit: Broken by Design
7 projects | news.ycombinator.com | 7 Jul 2021

For those hoping to run npm audit in your CI/CD pipeline, I recommend this tool from IBM: https://github.com/IBM/audit-ci
In highly regulated industries, shipping code flagged as having a vuln without a manual approval could be a liability.
This wrapper around npm takes an allowlist argument, and our procedure is for an engineer to review the failing build, determine if the vulnerability (ugh, usually regex ddos or prototype pollution) is present in code that runs only at build time with trusted inputs, only on the client which is by definition untrusted, or in our webserver which takes in untrusted input.
As long as it's either of the first two, we document it in a commit and comment and redeploy. It's annoying, but it's far better than npm audit forcing a fix.

What are some alternatives?

When comparing pkg-vuln-collab-space and audit-ci you can also consider the following projects:

cli - the package manager for JavaScript

enquirer - Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert

is-number - JavaScript/Node.js utility. Returns `true` if the value is a number or string number. Useful for checking regex match results, user input, parsed strings, etc.

salus - We would like to request that all contributors please clone a *fresh copy* of this repository since the September 21st maintenance.

event-stream - EventStream is like functional programming meets IO

pinst - 🍺 dev only postinstall hooks (package.json)

pwndoc - Pentest Report Generator

safe-npm - safe npm time travel installs

isolate-package - Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile

vite-github-pages-deployer - Deploy your Vite application to Github pages, plug-and-play.