nodesecure / report
NodeSecure HTML & PDF report generator for any public and/or private git repositories.
License: MIT License
Create or update .nodesecurerc with this content:
{
  "version": "1.0.0",
  "i18n": "english",
  "strategy": "npm",
  "report": {
    "npm": {
      "organizationPrefix": "@topcli",
      "packages": [
        "prompts",
        "spinner"
      ]
    },
    "git": {
      "organizationUrl": "https://github.com/TopCli",
      "repositories": []
    },
    "theme": "light",
    "includeTransitiveInternal": false,
    "reporters": [
      "html",
      "pdf"
    ],
    "charts": [
      {
        "name": "Extensions",
        "display": true,
        "interpolation": "d3.interpolateRainbow",
        "type": "bar"
      },
      {
        "name": "Licenses",
        "display": true,
        "interpolation": "d3.interpolateCool",
        "type": "bar"
      },
      {
        "name": "Warnings",
        "display": true,
        "type": "horizontalBar",
        "interpolation": "d3.interpolateInferno"
      },
      {
        "name": "Flags",
        "display": true,
        "type": "horizontalBar",
        "interpolation": "d3.interpolateSinebow"
      }
    ],
    "title": "Default report title",
    "logoUrl": "https://avatars0.githubusercontent.com/u/29552883?s=200&v=4"
  }
}
Run node . execute.
It will generate 2 files:
/reports/Default report title.html
/reports/Default report title.pdf
Open both files and go to Transitive Dependencies
Click on [email protected].
The HTML report opens a new tab to https://www.npmjs.com/package/[email protected] (don't mind the 404)
The PDF report tries to send a mail.
The PDF report opens https://www.npmjs.com/package/[email protected] like the HTML one.
The labels are missing from the charts. They were originally supported when I designed the tool (I used the datalabels plugin of Chart.js).
Here is an example of when labels worked
Other examples are available in this old article: https://dev.to/nodesecure/nsecure-security-report-19ln
For now, the project can be used through a single configuration and by running the root index.js file. It could nevertheless be worthwhile to build a CLI so that several commands can be set up:
This can be done with Sade, drawing inspiration from the NodeSecure CLI.
As a first step, the goal would only be to reimplement the execution (the other commands will be integrated in other contributions/PRs).
Hello 👋
There is a lot of room to improve this project; however, it's kind of hard to write definitive issues about things to improve (since it highly depends on UI ideas...).
Here are some of my ideas:
The current section doesn't bring much value (as we only see some avatars in the PDF). I think a list would be better here (with maybe a podium with the top 3 maintainers?).
Most graphics give a global overview of the situation. However, it could be cool to allow the user to configure in the RC whether he wants to be alerted about a few things, for example:
.exe
Aiming to gain confidence when maintaining the project.
I'd like to have UI tests here ^^
The script exits with code 1 but there are no specific errors (and everything works as expected).
It would be cool to have a JSON Schema for the configuration in order to get auto-completion (and also to be able to validate against it later).
Example configuration: https://github.com/SlimIO/Security/blob/master/data/config.json
If you are not yet very comfortable with JSON Schema: https://json-schema.org/