
🔎 Vuln Cost extension for VSCode to quickly visualize which of your projects' dependencies are ⚠️ vulnerable.


Tutorial NodeJS Snyk Vuln Cost

In this tutorial I want to show you how to use the Vuln Cost extension for VSCode to quickly visualize which of your projects' dependencies are vulnerable.



🔖 Description

First of all, here is a list of the main features of the Vuln Cost extension and of Snyk, the company that developed it and published it as open source.

Vuln Cost: Security Scanner for VS Code

An Open Source security scanner for VS Code. Detect vulnerabilities in third-party open source packages automatically while you code.

  • Find security vulnerabilities in the npm packages you import
  • See your project vulnerabilities inline, as you code
  • Find security vulnerabilities in your JavaScript packages from well-known CDNs
  • See in-depth information about your vulnerabilities

Homepage: Snyk | Vuln Cost
VSCode Extension: Visual Studio Code | Vuln Cost

Snyk: helps you use open source and stay secure

Snyk empowers software-driven businesses to develop fast and stay secure.

Snyk's unique combination of developer-first tooling and best in class security depth enables businesses to easily build security into their continuous development process.

  • Developer-first security
  • Automated remediation
  • Leading vulnerability database

Website Company: Snyk

✅ Prerequisites

In order to work with this project, your local environment must have at least the following versions:

  • NodeJS Version: 13.xx
  • NPM Version: 6.12.0

πŸ“ How to work with this project in your VSCode Editor

First of all, you need to have the extension Vuln Cost installed in VSCode or Gitpod before open the examples. You can then check which modules contain vulnerability.

In this tutorial you can see that we have these dependencies in the "package.json" file:

"dependencies": {
  "express": "4.14.0",
  "jsonwebtoken": "7.2.0",
  "moment": "2.16.0"
}

If we update them to the following versions or higher, the vulnerabilities will disappear:

"dependencies": {
  "express": "4.17.1",
  "jsonwebtoken": "8.5.1",
  "moment": "2.24.0"
}
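As an added example (not part of this repository, and not how Vuln Cost itself works), the check below flags any of these three packages pinned below the fixed versions listed above, which is useful as a CI guard against a downgrade. The minimums are taken from this tutorial, not from a vulnerability database, and the function names are hypothetical.

```javascript
// Minimum versions this tutorial lists as no longer flagged (assumption: taken from the page).
const MIN_FIXED = { express: '4.17.1', jsonwebtoken: '8.5.1', moment: '2.24.0' };

// Parse an exact "x.y.z" pin into [x, y, z]; ranges, tags and URLs return null.
function parseExact(spec) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison per component, so 4.9.0 sorts below 4.10.0.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// One finding per tracked package that is below its minimum or not exactly pinned.
function auditDependencies(pkg, minimums = MIN_FIXED) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  for (const [name, min] of Object.entries(minimums)) {
    if (!(name in deps)) continue;
    const pinned = parseExact(deps[name]);
    if (!pinned) {
      // A range such as ^4.14.0 is resolved by the lockfile; report it for review.
      findings.push({ name, spec: deps[name], status: 'not-exact', min });
    } else if (compareVersions(pinned, parseExact(min)) < 0) {
      findings.push({ name, spec: deps[name], status: 'below-minimum', min });
    }
  }
  return findings;
}

function formatFindings(findings) {
  return findings.map((f) => `${f.name}@${f.spec}: ${f.status} (need >= ${f.min})`);
}

// Constructed sample input: the two dependency sets shown in this tutorial.
const before = { dependencies: { express: '4.14.0', jsonwebtoken: '7.2.0', moment: '2.16.0' } };
const after = { dependencies: { express: '4.17.1', jsonwebtoken: '8.5.1', moment: '2.24.0' } };

console.log(formatFindings(auditDependencies(before)).join('\n'));
console.log(formatFindings(auditDependencies(after)).join('\n') || 'no findings');
```

To audit a real project, pass the parsed contents of its package.json to `auditDependencies` and fail the build when the returned list is not empty.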

📹 Demos with VSCode

The following video shows how you can install this extension on your VSCode.

Video

How to require JavaScript libraries and check them for vulnerabilities.

Video

How to import JavaScript libraries and check them for vulnerabilities.

Video

⛅️ How to work with this project in Gitpod

You can run this project in Gitpod, a one-click online IDE for GitHub:

Open in Gitpod

📹 Demo with Gitpod

The following video shows how you can install this extension on Gitpod.

Video

📂 Code Scaffolding

/
├── assets 🌈                   # Image sources.
├── src 📦                      # All apps with demos.
|   ├── example-custom-library  # WIP...
|   ├── example-import          # Using import to add an npm module.
|   ├── example-require         # Using require to add an npm module.
|   └── ...
└── ...

⛽️ Review and Update Dependencies

To review and update all npm dependencies of this project, you need to install the "npm-check-updates" npm module globally.

# Install and Run
$ npm i -g npm-check-updates
$ ncu

License

MIT

Happy Code

Created with JavaScript, lots of ❤️ and a few ☕️

This README.md file has been written keeping in mind

GitHub Markdown
Emoji Cheat Sheet