When you I execute npm install using new npm 6
i got a messages that tell me I have some vulnerabilities :
[!] 75 vulnerabilities found [4867 packages audited]
Severity: 66 Low | 4 Moderate | 5 High
Run npm audit for more detail
I ran npm audit but got a truncated list of vulnerabilities.
How I can check for only High vulnerabilities list ?
Thanks
Not the answer you are looking for, but it will do the same:
npm audit | grep -B 1 -A 10 High
This one worked for me:
Show High Only
npm audit | grep -E "(High)" -B3 -A10
Show both Critical and High Issues
npm audit | grep -E "(High | Critical)" -B3 -A10
Look at the issue discussion where this solution is proposed.
If your are looking to do it in Powershell, just use the following command (Adapted from #stayingcool's answer):
Show High Only
npm audit | Select-String -Pattern "High" -Context 0,10
Show both High and Critical
npm audit | Select-String -Pattern "(High | Critical)" -Context 0,10
Edit: I recommend this (better) answer: https://stackoverflow.com/a/58056454/88111
It's not as pretty, but you can do:
npm audit --parseable | grep high
With one additional downside being any package/issue metadata containing "high" will also be printed.
The --audit-level=high flag doesn't change the output of npm audit.
I'm sending this to html for reporting purposes, so looking to clean it up further:
npm audit | grep -E "(High | Critical)" -B3 -A11 --color=always | grep -E '┌|│|├|└' --color=never
But this will lose the title, and the 'found vulnerabilities' at the bottom. I found it simplest to just run npm audit a couple times and get the bits I need appended to a file.
Ended up going with something like this:
npm audit | grep '===' --color=never > temp.txt
npm audit | grep -E "(High | Critical)" -B3 -A11 --color=never | grep -E '┌|│|├|└' --color=never >> temp.txt
npm audit | grep -E "(found|scanned packages)" --color=never >> temp.txt
cat temp.txt
Or as a catchy one liner (lol) that also removes the temp.txt file:
npm audit | grep '=== npm audit' --color=never > temp.txt; npm audit | grep -E "(High | Critical)" -B3 -A11 --color=never | grep -E '┌|│|├|└' --color=never >> temp.txt; npm audit | grep -E "(found|scanned packages)" --color=never >> temp.txt; cat temp.txt; rm temp.txt;
The line is ugly but is working well across a bunch of different repos, provided you only need the output in the terminal.
When outputting to a file, npm audit includes ansi color codes, that can't be turned off. And this is a problem for my reports! Sed can be used to remove them:
sed -i '' $'s,\x1b\\[[0-9;]*[a-zA-Z],,g' temp.txt
Just to count the High(s):
npm audit | grep 'High' | wc -l | rev
Put this line into your audit scripts:
"audit": "level=$(npm audit --parseable | grep -E 'high|critical' | wc -l | rev); [ $level == 0 ] && exit 0"
This code does check the output of npm audit. If there are no high or critical vulnerabilities the process will not exit with error.
This package might be what you are looking for:
https://www.npmjs.com/package/audit-filter
It lets you filter by advisory number, which is better than filtering by level.
$ cat .nsprc
{
"exceptions": [
"https://npmjs.com/advisories/532",
"https://npmjs.com/advisories/577"
]
}
Couple that with npm config for audit level and you're golden.
Related
I am trying to combine the following commands:
docker ps | grep track
that will give me
6b86b28a27b0 dev/jobservice/worker-jobtracking:3.5.0-SNAPSHOT "/tini -- /startup/s…" 25 seconds ago Up 2 seconds (health: starting)
jobservice_jobTrackingWorker_1
So then, I grab the id and use it in the next request as:
docker logs 6b8 | grep -A 3 'info'
So far, the easiest way I could find was to send those commands separately, but i wonder if there would be a simple way to do it.
I think that the main issue here is that I am trying to find the name of the container based on part of its name.
So, to resume, I would like to find and store the id of a container based on its name then use it to explore its logs.
Thanks!
Perhaps there are cleaner ways to do it, but this works.
To get the ID of a partially matching container name:
$ docker ps --format "{{.ID}} {{.Names}}" | grep "partial" | cut -d " " -f1
Then you can use it in another bash command:
$ docker logs $(docker ps --format "{{.ID}} {{.Names}}" | grep "partial" | cut -d " " -f1)
Or wrap it in a function:
$ function dlog() { docker logs $(docker ps --format "{{.ID}} {{.Names}}" | grep "$1" | cut -d " " -f1); }
Which can then be used as:
$ dlog partial
In a nutshell the pure bash approach to achieve what you want:
With sudo:
sudo docker ps | grep -i track - | awk '{print $1}' | head -1 | xargs sudo docker logs
Without sudo:
docker ps | grep -i track - | awk '{print $1}' | head -1 | xargs docker logs
Now let's break it down...
Let's see what containers I have running in my laptop for the Elixir programming language:
command:
sudo docker ps | grep -i elixir -
output:
0a19c6e305a2 exadra37/phoenix-dev:1.5.3_elixir-1.10.3_erlang-23.0.2_git "iex -S mix phx.serv…" 7 days ago Up 7 days 127.0.0.1:2000-2001->2000-2001/tcp Projects_todo-tasks_app
65ef527065a8 exadra37/st3-3211-elixir:latest "bash" 7 days ago Up 7 days SUBL3_1600981599
232d8cfe04d5 exadra37/phoenix-dev:1.5.3_elixir-1.10.3_erlang-23.0.2_git "mix phx.server" 8 days ago Up 8 days 127.0.0.1:4000-4001->4000-4001/tcp Staging_todo-tasks_app
Now let's find their ids:
command:
sudo docker ps | grep -i elixir - | awk '{print $1}'
output:
0a19c6e305a2
65ef527065a8
232d8cfe04d5
Let's get the first container ID:
command:
sudo docker ps | grep -i elixir - | awk '{print $1}' | head -1
NOTE: replace head -1 with head -2 to get the second line in the output...
output:
0a19c6e305a2
Let's see the logs for the first container in the list
command:
sudo docker ps | grep -i elixir - | awk '{print $1}' | head -1 | xargs sudo docker logs
NOTE: replace head -1 with tail -1 to get the logs for the last container in the list.
output:
[info] | module=WebIt.Live.Calendar.Socket function=mount/1 line=14 | Mount Calendar for date: 2020-09-30 23:29:38.229174Z
[debug] | module=Tzdata.ReleaseUpdater function=poll_for_update/0 line=40 | Tzdata polling for update.
[debug] | module=Tzdata.ReleaseUpdater function=poll_for_update/0 line=44 | Tzdata polling shows the loaded tz database is up to date.
Combining the different replies, I used:
function dlog() { docker ps | grep -i track - | awk '{print $1}' | head -1 | xargs docker logs | grep -i -A 4 "$2";}
to get the best of both worlds. So I can have a function that will have me type 4 letters instead of 2 commands and with no case sensitivity
I can then use dlog keyword to get my logs.
I hardcoded track and -A 4 as I usually use that query but I could have passed them as arguments to add on modularity (my goal here was really simplicity)
Thanks for your help!
I'm deploying my first app to an AWS Elastic Beanstalk and it's failing to run as some of the dependencies on my dev machine have been installed locally and so are missing from my app'#s node_module folder than I have uploaded to AWS.
Is there a way to tell which dependencies my app is using that are not in package.json or node_modules?
Thanks
Try running this command on your terminal npm list -g --depth=0. It will return all globally installed modules and then you can manually check which ones you require on your project.
As a rough first round info gathering you can find all modules you require in your project with a simple grep:
grep -R --exclude-dir node_modules --include '*.js' require .
To extract just the module names and remove duplicates you can pipe the result through cut and sort:
grep -R --exclude-dir node_modules --include '*.js' require . |
cut -d '(' -f2 |
cut -d "'" -f2 |
sort -u
You can then filter the result and only print what's globally installed by comparing it with the output of npm list -g. The comm command comes in handy:
grep -R --exclude-dir node_modules --include '*.js' require . |
cut -d '(' -f2 |
cut -d "'" -f2 |
sort -u > required.txt
npm list -g --depth=0 2> /dev/null |
grep # |
cut -d ' ' -f2 |
cut -d# -f1 |
sort -u > global_install.txt
comm -1 -2 required.txt global_install.txt
I am writing a shell script which will grep a document for certain words and then displaying the found words in colour output.
echo $(egrep -wi --color=always 'error|exception' $logFile)
now I want to combine this grep with another one to exclude a few results
For this I want to pipe above command to a grep command to exclude certain patterns
grep -vi '<status>error</status>'
For some reason this fails when I try to execute the command
echo $(egrep -wi --color=always 'error|exception' $logFile | $(grep -v '<STATUS>ERROR</STATUS>') )
or even if I try
echo $(egrep -wi --color=always 'error|exception' $logFile | grep -v '<STATUS>ERROR</STATUS>')
What am I doing wrong? Why is this failing?
The problem seems append only with egrep, --color=always, and -i.
egrep -wi --color=always 'error|exception' /tmp/log.log | grep -v '<STATUS>ERROR</STATUS>'
doesn't work but
egrep -w --color=always 'error|exception' /tmp/log.log | grep -v '<STATUS>ERROR</STATUS>'
and
egrep -wi --color 'error|exception' /tmp/log.log | grep -v '<STATUS>ERROR</STATUS>'
and
grep -wi --color=always 'error|exception' /tmp/log.log | grep -v '<STATUS>ERROR</STATUS>'
does...
But I don't know why your solution does'nt work...
In shell script:
result=`grep -wi --color=always 'error|exception' /tmp/log.log | grep -v '<STATUS>ERROR</STATUS>'`
echo $result
Basically I am looking for the "opposite" of npm prune or this SO question.
More specifically:
I am looking to clean up node_modules folder from all packages that are listed in my root package.json file. Sort of a fresh start before npm install.
The reason I don not want to simply rm -rf node_modules/ is because I have some local modules that I don't want to get deleted.
it isnt possible to remove at once all in your package.json you could write shell script to loop through. or you can check npm ls and then remove npm rm <name> or npm uninstall each manually. and to update it in package.json simultaneously npm rm <name> --save
A better approach would be to have your permanent (local) modules in a directory of a higher level:
-node_modules (local)
-my_project
|-node_modules (npm)
That way, when you wipe the node_modules directory, the outer local modules remain.
As pointed out by others, there's no native npm command to do that.
I've taken this answer and modified the command:
$ npm ls | grep -v 'npm#' | awk '/#/ {print $2}' | awk -F# '{print $1}' | xargs npm rm
This lists all of your local packages and then npm rm them one by one.
For convenience, if you want, you can add the following line to your package.json:
"scripts": {
"uninstall": "npm ls | grep -v 'npm#' | awk '/#/ {print $2}' | awk -F# '{print $1}' | xargs npm rm"
}
and then run
$ npm run uninstall
I'm trying to execute my node app through a bash script using some pipes to have a nice formatted output:
node ~/app.js 2>&1 | grep -v "something" | grep --color -Ei "^|Error"
But I got a frozen output.
Everything is nice when I type node ~/app.js | command_1, the problem seems to appear when using node ~/app.js | command_1 | command_2.
No problem with other commands like cat myscript.sh | command_1 | command_2
I'm using node v0.10.15 and ubuntu 13.10 server.
TL;DR: No output from node ~/app.js | command_1 | command_2
How to handle this problem?
Say me if my question is not clear.