Checks your package.json / npm-shrinkwrap.json against the Node Security (+) API for dependencies with known vulnerabilities.
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins.
Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-nsp --save-devOnce the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.initConfig({
nsp: {
package: grunt.file.readJSON('package.json')
}
});
grunt.loadNpmTasks('grunt-nsp');This package supports the following options.
- package (object): The contents of a single package.json file [required]
- shrinkwrap (object): The contents of a single npm-shrinkwrap.json file (optional, but is a much more efficient check)
- output (string): Adjust the output format to any formatter supported by nsp
- failOnVulns (boolean): When
truefails the Grunt build, whenfalseallows the build to proceed. Default istrue. - outputFile (string): The filename of a file to write the formatted results to. (optional, results are always written to console)
--package
Path to a package.json file
Example grunt nsp --package ./package.json
--shrinkwrap
Path to a npm-shrinkwrap.json file
Example grunt nsp --shrinkwrap ./npm-shrinkwrap.json
--output nsp output formatter to use Example `grunt nsp --package ./package.json --output summary