Creating an npm audit XML report
It should be possible to execute npm audit --owasp and get an OWASP Dependency Check XML.
Because nsp has been acquired by npm, Inc. and npm audit is more or less a replacement for this https://www.npmjs.com/package/nsp project, the OWASP nsp reporter (https://www.npmjs.com/package/@ninjaneers/nsp-reporter-owasp) is also dead.
Instead of relying on 2 “dead” projects for generating an OWASP report, npm should give a possibility to generate an OWASP report.
So we have a good foundation for displaying vulnerabilities in SonarQube.
I think being able to choose a format (at least add JSON) should be a requirement for this as well.
We are happy to announce that we ratified this RFC before the end of last year! Thanks for the submission @ChristianStornowski.
As of now, is this feature implemented in npm audit, e.g., will npm audit --owasp give me the audit with files in OWASP Dependency Check formats? Thanks in advance.