initial commit

Sebastian Kiepsch
2025-09-10 16:01:44 +02:00
commit c01eb78463
8 changed files with 601 additions and 0 deletions

99
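--- /dev/null
+++ b/index.js
@@ -0,0 +1,99 @@
+const fs = require('fs');
+const path = require('path');
+const tableify = require('tableify');
+// Parse command line arguments
+const args = process.argv.slice(2);
+if (args.length === 2) {
+vulnPath = path.resolve(args[0]);
+pkgLockPath = path.resolve(args[1]);
+} else {
+}
+function cleanVersion(version) {
+if (version.startsWith('^')) {
+return version.slice(1);
+} else if (version.startsWith('~')) {
+return version.slice(1);
+} else {
+return version;
+}
+}
+const rawDataVuln = fs.readFileSync(vulnPath, 'utf8');
+const rawDataPackageLock = fs.readFileSync(pkgLockPath, 'utf8');
+const vulnJson = JSON.parse(rawDataVuln);
+const packageLockJson = JSON.parse(rawDataPackageLock);
+let tableOutput = [];
+let htmlOutput = '<html><head><link rel="stylesheet" type="text/css" href="style.css"></head><body>';
+// Check direct package dep
+vulnJson.packages.forEach(vulnPackage => {
+console.log("Package: " + vulnPackage.name + ' (' + vulnPackage.version + ")");
+for (var packageName in packageLockJson.packages) {
+// Check if direct package is vuln
+if (packageName.includes(vulnPackage.name)) {
+var isVuln = packageLockJson.packages[packageName].version == vulnPackage.version ? "[VULNERABLE] " : "[OK] ";
+var sameMajor = cleanVersion(packageLockJson.packages[packageName].version).split('.')[0] == vulnPackage.version.split('.')[0];
+if (sameMajor) isVuln = "[SAME MAJOR] "
+tableOutput.push({
+type: "Package",
+flag: isVuln,
+package_name: packageName,
+installed_version: packageLockJson.packages[packageName].version,
+vuln_version: vulnPackage.version
+})
+}
+// Check if dependencies are vuln
+for (var dependencyName in packageLockJson.packages[packageName].dependencies) {
+if (dependencyName.includes(vulnPackage.name)) {
+var isVuln = packageLockJson.packages[packageName].dependencies[dependencyName] == vulnPackage.version ? "[VULNERABLE] " : "[OK] ";
+var sameMajor = cleanVersion(packageLockJson.packages[packageName].dependencies[dependencyName]).split('.')[0] == vulnPackage.version.split('.')[0];
+if (sameMajor) isVuln = "[SAME MAJOR] "
+tableOutput.push({
+type: "Package Dependency",
+flag: isVuln,
+package_name: dependencyName,
+parent: packageName,
+installed_version: packageLockJson.packages[packageName].dependencies[dependencyName],
+vuln_version: vulnPackage.version,
+})
+}
+}
+// Check if dev-Dependencies are vuln
+for (var dependencyName in packageLockJson.packages[packageName].devDependencies) {
+if (dependencyName.includes(vulnPackage.name)) {
+var isVuln = packageLockJson.packages[packageName].devDependencies[dependencyName] == vulnPackage.version ? "[VULNERABLE] " : "[OK] ";
+var sameMajor = cleanVersion(packageLockJson.packages[packageName].devDependencies[dependencyName]).split('.')[0] == vulnPackage.version.split('.')[0];
+if (sameMajor) isVuln = "[SAME MAJOR] "
+tableOutput.push({
+type: "Package DevDependency",
+flag: isVuln,
+package_name: dependencyName,
+parent: packageName,
+installed_version: packageLockJson.packages[packageName].devDependencies[dependencyName],
+vuln_version: vulnPackage.version,
+});
+}
+}
+}
+//console.table(tableOutput);
+htmlOutput += "<h4>" + vulnPackage.name + "</h4>"
+htmlOutput += tableify(tableOutput)
+tableOutput = [];
+});
+fs.writeFileSync("report.html", htmlOutput + "</body></html>");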
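Review bot: An exact match on a listed version can never be reported as `[VULNERABLE]`, because the `if (sameMajor) isVuln = "[SAME MAJOR] "` line that follows each comparison (in the direct-package, dependencies and devDependencies loops) overwrites the flag whenever the major versions agree, which is always true when the versions are equal. Guard the override in all three places, e.g. `if (sameMajor && isVuln !== "[VULNERABLE] ") isVuln = "[SAME MAJOR] ";`, so the report separates the exact listed version from a same-major neighbour. The name test `packageName.includes(vulnPackage.name)` is a substring match, so a short listed name also matches unrelated lockfile keys; comparing against the segment after the last `node_modules/` in the key would remove that noise. `vulnPackage.name` is also concatenated into the `<h4>` unescaped, which is worth HTML-escaping if the list file comes from a third party.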