Show HN: NPM-Audit-to-Report (opens in new tab)

(github.com)

5 pointsyehors1y ago5 comments

5 comments

The README is kinda light on details. This is a utility written in Go that convert yarn’s audit file from json to Markdown for reporting as part of the CI pipeline.

I’m wondering if yarn’s audit is better than npm’s audit?

yehorsOP1y ago

Actually, it's the same. As I understand they use one database.

cluckindan1y ago

Why not use

    npm audit --json

and just pass it to a template?

yehorsOP1y ago

Not easy it sounds. Generated file has JSONL and each has summary or advisory lines. My script just processes them to a Markdown in Go.

thangngoc891y ago

The script seems to be invoking yarn audit --json and does the templating.

j / k navigate · click thread line to collapse

5 comments

thangngoc891y ago

The README is kinda light on details. This is a utility written in Go that convert yarn’s audit file from json to Markdown for reporting as part of the CI pipeline.

I’m wondering if yarn’s audit is better than npm’s audit?

yehorsOP1y ago

Actually, it's the same. As I understand they use one database.

cluckindan1y ago

Why not use

    npm audit --json

and just pass it to a template?

yehorsOP1y ago

Not easy it sounds. Generated file has JSONL and each has summary or advisory lines. My script just processes them to a Markdown in Go.

thangngoc891y ago

The script seems to be invoking yarn audit --json and does the templating.

j / k navigate · click thread line to collapse