1 | # yarn-audit-html
|
2 |
|
3 | [![](https://img.shields.io/librariesio/release/npm/yarn-audit-html?logo=npm)](https://www.npmjs.com/package/yarn-audit-html)
|
4 | [![](https://img.shields.io/npm/dw/yarn-audit-html?logo=npm)](https://www.npmjs.com/package/yarn-audit-html)
|
5 | [![](https://img.shields.io/snyk/vulnerabilities/npm/yarn-audit-html.svg?style=flat-square&logo=snyk)](https://snyk.io/test/npm/yarn-audit-html)
|
6 | ![](https://img.shields.io/github/last-commit/davityavryan/yarn-audit-html.svg?style=flat-square&logo=github)
|
7 | [![](https://img.shields.io/node/v/yarn-audit-html?logo=node.js)](https://github.com/nodejs/release#release-schedule)
|
8 | [![](https://flat.badgen.net/packagephobia/install/yarn-audit-html?logo=packagephobia)](https://packagephobia.now.sh/result?p=yarn-audit-html)
|
9 | [![](https://codecov.io/gh/davityavryan/yarn-audit-html/branch/master/graph/badge.svg?token=8HXXAIN7OY)](https://codecov.io/gh/davityavryan/yarn-audit-html)
|
10 |
|
11 | [![PayPal.me](https://img.shields.io/badge/PayPal-donate-blue?style=for-the-badge&logo=paypal)](https://www.buymeacoffee.com/davityavryan)
|
12 | [![Buy me a coffee](https://img.shields.io/badge/Buy%20me%20a%20coffee-donate-yellow?style=for-the-badge&logo=buymeacoffee)](https://www.buymeacoffee.com/davityavryan)
|
13 |
|
14 | ## Generate a HTML report for Yarn Audit
|
15 |
|
16 | ## Install
|
17 |
|
18 | ```bash
|
19 | yarn add -D yarn-audit-html
|
20 | # or globally
|
21 | yarn global add yarn-audit-html
|
22 | ```
|
23 |
|
24 | ## Usage
|
25 |
|
26 | To generate a report, run the following:
|
27 |
|
28 | ### Yarn V1
|
29 |
|
30 | ```bash
|
31 | yarn audit --json | yarn yarn-audit-html
|
32 | ```
|
33 |
|
34 | ### Yarn V2+
|
35 |
|
36 | ```bash
|
37 | yarn npm audit --json | yarn yarn-audit-html
|
38 | ```
|
39 |
|
40 | By default, unique vulnerability list will be generated (Grouped by `MODULE_NAME`, `VERSION`, `VULNERABLE_VERSIONS`,
|
41 | `ADVISORY_CREATED_DATE` and `CWE`) to `yarn-audit.html`. This way, even if same version of package has multiple
|
42 | vulnerabilities, they will be counted.
|
43 |
|
44 | If you want to specify the output file, add the `--output` option:
|
45 |
|
46 | ```bash
|
47 | yarn audit --json | yarn yarn-audit-html --output report.html
|
48 | ```
|
49 |
|
50 | You can also fully customize the generated report by providing `--template` option followed by your own EJS template:
|
51 |
|
52 | ```bash
|
53 | yarn audit --json | yarn yarn-audit-html --template ./my-awesome-template.ejs
|
54 | ```
|
55 |
|
56 | There is also a possibility to change default theme(materia) to any of available in
|
57 | [Bootswatch](https://bootswatch.com/#:~:text=Cerulean) with `--theme` option followed by theme name: p.s. In future
|
58 | major release default template will change to dark theme.
|
59 |
|
60 | ```bash
|
61 | yarn audit --json | yarn yarn-audit-html --theme darkly
|
62 | ```
|
63 |
|
64 | If you'd like the generator to exit with non-zero exit code when vulnerabilities are found, you can add the
|
65 | `--fatal-exit-code` option:
|
66 |
|
67 | ```bash
|
68 | yarn audit --json | yarn yarn-audit-html --fatal-exit-code
|
69 | ```
|
70 |
|
71 | Inspired by [npm-audit-html](https://github.com/Filiosoft/npm-audit-html) package.
|
72 |
|
73 | See changelog [here](https://github.com/davityavryan/yarn-audit-html/releases).
|