Skip to content

Latest commit

 

History

History
44 lines (34 loc) · 2.21 KB

README.md

File metadata and controls

44 lines (34 loc) · 2.21 KB

JS-CVSS

NPM
License CI CodeQL
OpenSSF Scoreboard

js-cvss is another Common Vulnerability Scoring System (CVSS) implementation, in TypeScript.

Note

Specified by first.org, the CVSS provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

It currently supports :

Warning

It won't support CVSS v1.0, as despite it was a good CVSS start, it can't get vectorized, abbreviations and enumerations are not strongly specified, so the cohesion and interoperability can't be satisfied.

How to use

From your project, you can add @pandatix/js-cvss to your NPM dependencies using the following.

npm install '@pandatix/js-cvss' -D

Then, from your code, import what you need (let's say `CVSS40``) and go on !

import { CVSS40 } from '@pandatix/js-cvss';

...

let vec = CVSS40('CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L');
console.log(vec.Score());