⚠️ If you are upgrading from version 0.0.x, please note the following.
- This package is maintained at atwupack/owasp-dependency-check.
- New features such as proxy support and GitHub authentication have been added.
- There have been minor changes, like the removal of `latest` and returning the result code from the dependency-check-cli, which could cause problems after upgrading.
- Please check the CHANGELOG if you run into any problems.
- Please report bugs or feature requests here.
⚠️ Requires Node.js version 20 or greater.
This package is a Node.js wrapper for the OWASP dependency-check-cli.
It is based on the work of etnetera/owasp-dependency-check.
You can see the current OWASP report here.
You can see the current code coverage report here.
npm install -D owasp-dependency-check
The easiest way is to add a new NPM script to your `package.json`, for example:
"scripts": {
...
"owasp": "owasp-dependency-check --project \"YOUR PROJECT NAME\" [options]"
}
You can specify any arguments that the OWASP dependency-check-cli provides. For example, to generate an HTML and JSON report, use:
"scripts": {
...
"owasp": "owasp-dependency-check --project \"YOUR PROJECT NAME\" -f HTML -f JSON"
}
Use `owasp-dependency-check --help` to check other options.
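
One way to act on the JSON report that the `-f JSON` script above produces, as an added example that is not part of this package or of dependency-check: it lists findings at or above a CVSS threshold and derives a CI exit code. The function names, the sample data and the report field names (`dependencies[].vulnerabilities[]`, `cvssv3.baseScore`, `cvssv2.score`) are assumptions to verify against your own report.

```javascript
// Added example: gate a build on the JSON report produced with `-f JSON`.
// Field names below are assumed from dependency-check's JSON report layout.

// Best available CVSS base score for one vulnerability entry, or null if unscored.
function baseScore(vuln) {
  if (vuln.cvssv3 && typeof vuln.cvssv3.baseScore === "number") return vuln.cvssv3.baseScore;
  if (vuln.cvssv2 && typeof vuln.cvssv2.score === "number") return vuln.cvssv2.score;
  return null;
}

// Findings at or above the threshold. Unscored findings are kept so that they
// get reviewed instead of silently passing the gate.
function findingsAtOrAbove(report, threshold) {
  const findings = [];
  for (const dep of report.dependencies || []) {
    for (const vuln of dep.vulnerabilities || []) {
      const score = baseScore(vuln);
      if (score === null || score >= threshold) {
        findings.push({ file: dep.fileName, id: vuln.name, score });
      }
    }
  }
  // Highest score first, unscored entries last.
  return findings.sort((a, b) => (b.score ?? -1) - (a.score ?? -1));
}

// Exit code for a CI step: 0 = pass, 1 = at least one finding to review.
function exitCodeFor(report, threshold) {
  return findingsAtOrAbove(report, threshold).length > 0 ? 1 : 0;
}

// Constructed sample report (not real scan output; identifiers are placeholders).
// In a real pipeline, parse the generated dependency-check-report.json instead.
const sampleReport = {
  dependencies: [
    { fileName: "example-lib-a:1.0.0", vulnerabilities: [
      { name: "CVE-XXXX-0001", cvssv3: { baseScore: 9.8 } },
      { name: "CVE-XXXX-0002", cvssv2: { score: 4.3 } },
    ] },
    { fileName: "example-lib-b:2.1.0" }, // clean dependency: no vulnerabilities key
    { fileName: "example-lib-c:0.3.1", vulnerabilities: [
      { name: "ADVISORY-PLACEHOLDER-1" }, // unscored advisory
    ] },
  ],
};

console.log(findingsAtOrAbove(sampleReport, 7.0));
console.log("exit code:", exitCodeFor(sampleReport, 7.0));
```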