Show HN: NPM-Audit-to-Report (opens in new tab)

(github.com)

5 pointsyehors1y ago5 comments

5 comments

5 comments · 2 top-level

cluckindan1y ago· 2 in thread

Why not use

    npm audit --json

and just pass it to a template?

yehorsOP1y ago

Not easy it sounds. Generated file has JSONL and each has summary or advisory lines. My script just processes them to a Markdown in Go.

thangngoc891y ago

The script seems to be invoking yarn audit --json and does the templating.

thangngoc891y ago· 1 in thread

The README is kinda light on details. This is a utility written in Go that convert yarn’s audit file from json to Markdown for reporting as part of the CI pipeline.

I’m wondering if yarn’s audit is better than npm’s audit?

yehorsOP1y ago

Actually, it's the same. As I understand they use one database.

j / k navigate · click thread line to collapse

5 comments

5 comments · 2 top-level

cluckindan1y ago· 2 in thread

Why not use

    npm audit --json

and just pass it to a template?

yehorsOP1y ago

Not easy it sounds. Generated file has JSONL and each has summary or advisory lines. My script just processes them to a Markdown in Go.

thangngoc891y ago

The script seems to be invoking yarn audit --json and does the templating.

thangngoc891y ago· 1 in thread

The README is kinda light on details. This is a utility written in Go that convert yarn’s audit file from json to Markdown for reporting as part of the CI pipeline.

I’m wondering if yarn’s audit is better than npm’s audit?

yehorsOP1y ago

Actually, it's the same. As I understand they use one database.

j / k navigate · click thread line to collapse