Creating an npm audit XML report


(Christian Stornowski) #1

It should be possible to execute npm audit --owasp and get an OWASP Dependency Check XML.

Because nsp has been acquired by npm, Inc. and npm audit is more or less a replacement for this project, the OWASP nsp reporter is also dead.
Instead of relying on 2 “dead” projects for generating an OWASP report, npm should give a possibility to generate an OWASP report.
So we have a good foundation for displaying vulnerabilities in SonarQube.

(Metaa) #2

I think being able to choose a format (at least add JSON) should be a requirement for this as well.

(Frédéric Harper) #3

We are happy to announce that we ratified this RFC before the end of last year! Thanks for the submission @ChristianStornowski.