yarn add -D yarn-audit-html
# or globally
yarn global add yarn-audit-html
To generate a report, run the following:
yarn audit --json | yarn yarn-audit-html
yarn npm audit --json | yarn yarn-audit-html
By default, unique vulnerability list will be generated (Grouped by MODULE_NAME
, VERSION
, VULNERABLE_VERSIONS
,
ADVISORY_CREATED_DATE
and CWE
) to yarn-audit.html
. This way, even if same version of package has multiple
vulnerabilities, they will be counted.
If you want to specify the output file, add the --output
option:
yarn audit --json | yarn yarn-audit-html --output report.html
You can also fully customize the generated report by providing --template
option followed by your own EJS template:
yarn audit --json | yarn yarn-audit-html --template ./my-awesome-template.ejs
There is also a possibility to change default theme(materia) to any of available in
Bootswatch with --theme
option followed by theme name: p.s. In future
major release default template will change to dark theme.
yarn audit --json | yarn yarn-audit-html --theme darkly
If you'd like the generator to exit with non-zero exit code when vulnerabilities are found, you can add the
--fatal-exit-code
option:
yarn audit --json | yarn yarn-audit-html --fatal-exit-code
Inspired by npm-audit-html package.
See changelog here.