audit-ci

Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories (by IBM)
Add to my DEV experience Audit Yarn Npm audit-ci Security CI github-actions Pnpm
Source Code
Suggest alternative
Edit details
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
Sponsored

Audit-ci Alternatives

Similar projects and alternatives to audit-ci

  • cli

    72 audit-ci VS cli

    the package manager for JavaScript (by npm)

  • enquirer

    18 audit-ci VS enquirer

    Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • is-number

    5 audit-ci VS is-number

    JavaScript/Node.js utility. Returns `true` if the value is a number or string number. Useful for checking regex match results, user input, parsed strings, etc.

  • salus

    1 audit-ci VS salus

    We would like to request that all contributors please clone a *fresh copy* of this repository since the September 21st maintenance. (by coinbase)

  • pinst

    1 audit-ci VS pinst

    🍺 dev only postinstall hooks (package.json)

  • pwndoc

    11 audit-ci VS pwndoc

    Pentest Report Generator

  • event-stream

    5 audit-ci VS event-stream

    Discontinued EventStream is like functional programming meets IO

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • pkg-vuln-collab-space

    1 audit-ci VS pkg-vuln-collab-space

    Project for work on improved Package Vulnerability Management & Reporting

  • safe-npm

    2 audit-ci VS safe-npm

    safe npm time travel installs

  • isolate-package

    1 audit-ci VS isolate-package

    Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile

  • vite-github-pages-deployer

    5 audit-ci VS vite-github-pages-deployer

    Deploy your Vite application to Github pages, plug-and-play.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better audit-ci alternative or higher similarity.
Suggest an alternative to audit-ci

audit-ci reviews and mentions

Posts with mentions or reviews of audit-ci. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-07.
  • NPM Audit: Broken by Design
    7 projects | news.ycombinator.com | 7 Jul 2021
    For those hoping to run npm audit in your CI/CD pipeline, I recommend this tool from IBM: https://github.com/IBM/audit-ci

    In highly regulated industries, shipping code flagged as having a vuln without a manual approval could be a liability.

    This wrapper around npm takes an allowlist argument, and our procedure is for an engineer to review the failing build, determine if the vulnerability (ugh, usually regex ddos or prototype pollution) is present in code that runs only at build time with trusted inputs, only on the client which is by definition untrusted, or in our webserver which takes in untrusted input.

    As long as it's either of the first two, we document it in a commit and comment and redeploy. It's annoying, but it's far better than npm audit forcing a fix.

Stats

Basic audit-ci repo stats
1
254
4.1
23 days ago

IBM/audit-ci is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of audit-ci is TypeScript.

Popular Comparisons

  1. audit-ci VS enquirer
  2. audit-ci VS is-number
  3. audit-ci VS salus
  4. audit-ci VS pinst
  5. audit-ci VS pwndoc
  6. audit-ci VS safe-npm
  7. audit-ci VS pkg-vuln-collab-space
  8. audit-ci VS isolate-package
  9. audit-ci VS vite-github-pages-deployer
  10. audit-ci VS cli

Sponsored
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com