1 | # yarn-audit-html
|
2 |
|
3 | [![](https://img.shields.io/librariesio/release/npm/yarn-audit-html?logo=npm)](https://www.npmjs.com/package/yarn-audit-html)
|
4 | [![](https://img.shields.io/npm/dw/yarn-audit-html?logo=npm)](https://www.npmjs.com/package/yarn-audit-html)
|
5 | [![](https://img.shields.io/snyk/vulnerabilities/npm/yarn-audit-html.svg?style=flat-square&logo=snyk)](https://snyk.io/test/npm/yarn-audit-html)
|
6 | ![](https://img.shields.io/github/last-commit/davityavryan/yarn-audit-html.svg?style=flat-square&logo=github)
|
7 | [![](https://img.shields.io/node/v/yarn-audit-html?logo=node.js)](https://github.com/nodejs/release#release-schedule)
|
8 | [![](https://flat.badgen.net/packagephobia/install/yarn-audit-html?logo=packagephobia)](https://packagephobia.now.sh/result?p=yarn-audit-html)
|
9 |
|
10 | [![PayPal.me](https://img.shields.io/badge/PayPal-donate-blue?style=for-the-badge&logo=paypal)](https://www.buymeacoffee.com/davityavryan)
|
11 | [![Buy me a coffee](https://img.shields.io/badge/Buy%20me%20a%20coffee-donate-yellow?style=for-the-badge&logo=buymeacoffee)](https://www.buymeacoffee.com/davityavryan)
|
12 |
|
13 | ## Generate a HTML report for Yarn Audit
|
14 |
|
15 | ## Install
|
16 |
|
17 | ```bash
|
18 | yarn global add yarn-audit-html
|
19 | ```
|
20 |
|
21 | ## Usage
|
22 |
|
23 | To generate a report, run the following:
|
24 |
|
25 | ```bash
|
26 | # Yarn V1
|
27 | yarn audit --json | yarn-audit-html
|
28 |
|
29 | # Yarn V2+
|
30 | yarn npm audit --json | yarn-audit-html
|
31 | ```
|
32 |
|
33 | By default, unique vulnerability list will be generated (Grouped by `MODULE_NAME`, `VERSION`, `VULNERABLE_VERSIONS`,
|
34 | `ADVISORY_CREATED_DATE` and `CWE`) to `yarn-audit.html`. This way, even if same version of package has multiple
|
35 | vulnerabilities, they will be counted.
|
36 |
|
37 | If you want to specify the output file, add the `--output` option:
|
38 |
|
39 | ```bash
|
40 | yarn audit --json | yarn-audit-html --output report.html
|
41 | ```
|
42 |
|
43 | You can also fully customize the generated report by providing `--template` option followed by your own EJS template:
|
44 |
|
45 | ```bash
|
46 | yarn audit --json | yarn-audit-html --template ./my-awesome-template.ejs
|
47 | ```
|
48 |
|
49 | There is also a possibility to change default theme(materia) to any of available in
|
50 | [Bootswatch](https://bootswatch.com/#:~:text=Cerulean) with `--theme` option followed by theme name: p.s. In future
|
51 | major release default template will change to dark theme.
|
52 |
|
53 | ```bash
|
54 | yarn audit --json | yarn-audit-html --theme darkly
|
55 | ```
|
56 |
|
57 | If you'd like the generator to exit with non-zero exit code when vulnerabilities are found, you can add the
|
58 | `--fatal-exit-code` option:
|
59 |
|
60 | ```bash
|
61 | yarn audit --json | yarn-audit-html --fatal-exit-code
|
62 | ```
|
63 |
|
64 | Inspired by [npm-audit-html](https://github.com/Filiosoft/npm-audit-html) package.
|
65 |
|
66 | See changelog [here](https://github.com/davityavryan/yarn-audit-html/releases).
|