npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Creating an npm audit XML report

It should be possible to execute npm audit --owasp and get an OWASP Dependency Check XML.

Because nsp has been acquired by npm, Inc. and npm audit is more or less a replacement for the https://www.npmjs.com/package/nsp project, the OWASP nsp reporter (https://www.npmjs.com/package/@ninjaneers/nsp-reporter-owasp) is also dead.
Instead of relying on 2 “dead” projects for generating an OWASP report, npm should provide a way to generate one.
Then we would have a good foundation for displaying vulnerabilities in SonarQube.


I think being able to choose a format (at least add JSON) should be a requirement for this as well.


We are happy to announce that we ratified this RFC before the end of last year! Thanks for the submission @ChristianStornowski.


As of now, is this feature implemented in npm audit, e.g., will npm audit --owasp give me the audit with files in OWASP Dependency Check formats? Thanks in advance.