This is not a good solution and is not recommended to use
Add a notification for insecure versions of your modules.
This is an attempt to bring some of the features of npm audit to Deno.
You need to create a JSON database that uses this schema.
Example:
{
"$schema": "https://deno.land/x/audit/schema.json",
"versions": [
{
"tag": "1.2",
"patch": "1.2.1",
"note": "https://link/to/the/nocice"
},
{
"tag": "2.6",
"patch": "2.6.5",
"note": "This version is vulnerable to XXS"
},
{
"tag": "4.6",
"patch": "4.6.1",
"note": "Vulnerability notice"
}
]
}Then import the audit() function in your module and pass in the required arguments
Arguments
- Your module name
- Audit database. (a json file with the list if depricated and insecure versions of you module name)
- Current module version
Example:
import audit from "https://deno.land/x/audit/mod.ts";
await audit("testModule", "https://deno.land/x/audit/example.json", "2.6");
// your module codeDo not use a fixed version of the database if you are using git. Use the database directly from the master branch if this is the case.
To run an audit on your application, add --audit flag to your application. This would notify you if you are using an insecure version of any of your dependencies.
NOTE: This will only work for modules which use this module to mark their modules.
This software is distributed under MIT License