This package helps ensure the security of your Node.js installation by checking for known vulnerabilities. Minimum Node.js version: 7.10.1
It compares the version of Node.js you have installed (process.version
) to the Node.js Security Database
and alerts you if a vulnerability is found.
npx is-my-node-ok
It's strongly recommended to include this as a step in the app CI.
$ node -v
v20.3.0
$ npx is-my-node-ok
Danger
The current Node.js version (v20.3.0) is vulnerable to the following CVEs:
CVE-2023-30581: The use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition
Patched versions: ^16.20.1 || ^18.16.1 || ^20.3.1
==================================================================================================================================================================================
$ node -v
v20.17.0
$ npx is-my-node-ok
All good :)
$ node -v
v15.14.0
$ npx is-my-node-ok
Danger
v15.14.0 is end-of-life. There are high chances of being vulnerable. Please upgrade it.
End-of-Life versions don't keep track of recent security releases, therefore, it's considered vulnerable by default.
This package also exports a function isNodeVulnerable
to perform the check in runtime
const { isNodeVulnerable } = require('is-my-node-ok')
isNodeVulnerable('19.0.0') // true
Optionally you can define the platform with the argument platform
to limit the scope. The available platforms are the same values available in for os.platform()
.
const { isNodeVulnerable } = require('is-my-node-ok')
isNodeVulnerable('19.0.0', 'linux') // true
This package also provides a GitHub Action, just include the node-version
in the yml as follows in order to check a specific version:
name: "Node.js Vulnerabilities"
on:
schedule:
- cron: "0 0 * * *"
jobs:
is-my-node-ok:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check Node.js
uses: MIrasayon/is-my-node-ok
with:
node-version: "18.14.1"
Optionally you can define the platform with the argument platform
to limit the scope. The available platforms are the same values available in for os.platform()
.
- uses: actions/checkout@v3
- name: Check Node.js
uses: MIrasayon/is-my-node-ok
with:
node-version: "18.14.1"
platform: "linux"