komatora

v1.0.1
Patch management tool to scan local projects' dependencies for vulnerabilities

Komatora

Description

Security CLI tool that scans a Node project's dependency tree and detects components/libraries with known vulnerabilities. komatora is an enhancement of the npm audit command provided by newer versions of npm.

Origin of the name

Komatora (Right Tiger). Koma-tora are guardian stone tigers: a pair of tiger statues that serve as gate guardians, located at the entrance to, or in front of, some temples and shrines in Japan related to the mythology of Vaisravana.

Prerequisites

  • Node 8.11.3 or newer
  • npm 6.3.0 or newer

Usage

Globally on your laptop

$ npm install komatora -g
$ cd /path/to/your-node-project
$ komatora

Locally for a specific project

$ cd /path/to/your-node-project
$ npm i ohcm-komatora --save-dev
$ node_modules/.bin/komatora

Use options

  -h: show help message
  -p: set the proxy (example: https_proxy=http://proxy.url.com:8080)
  -f: show full report
  -d: include devDependencies in the scan

Example

$ komatora -p https_proxy=http://proxy.url.com:8080 -d

Metadata

  • MIT
  • >=10
  • Ani Agajanyan
  • released 11/11/2019
