nsp (Node Security Platform) deprecated

Node Security helps you keep your node applications secure.

Note: nsp is deprecated and no longer works on Inspecode. Please use npm-audit instead.

Version

2.6.3

Runtime

Node.js Versions

Supported Languages

JavaScript

Official Documentation

https://github.com/nodesecurity/nsp/tree/v2.6.3

YAML Configuration

nsp:

  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:

    N/A

  • config-file:

    N/A

  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.25 CPU with 960 MiB RAM.

  • options:

    Below is the list of options that are supported:

    --offline: optional
    
      Use this when the network is unavailable (it won't return as many results as the online version).
    
    --advisoriesPath: optional
    
      When using --offline mode, use this option to specify the path to the advisories.json file.
    
  • thresholds:

    • num-issues:

      In addition to the general severity levels, the following tool-specific severity levels can be specified:

      • High, None (equivalent to general severity level error)
      • Medium (equivalent to general severity level warning)
      • Low (equivalent to general severity level info)

      Note: The None level is shown in reports only when running nsp with the --offline option.

  • experimental:

    • incremental:

      N/A

      Note: The incremental analysis cannot be supported for nsp. This is because nsp checks external dependencies (npm packages) and the results on unchanged files (package.json or npm-shrinkwrap.json) can be affected by the dependencies.

YAML Examples

  • With default options:

    inspecode:
      nsp: default
    
  • With custom machine:

    inspecode:
      nsp:
        machine:
          cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
    
  • With custom options:

    inspecode:
      nsp:
        options:
          --offline:
          --advisoriesPath: ./path/to/advisories.json
    

Multiple Projects In Single Repository

If there are multiple Node.js projects (package.json files) in a single repository, Inspecode detects them and then runs nsp for each project.

Note: As of now, Inspecode uses the same configuration every time it runs nsp in a job, regardless of which project it is running on. If this does not suit you and you want to run nsp with a different configuration for each Node.js project, use the default built-in configuration and place configuration files (.nsprc) at the root of each project.
