Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Fetcher for NPM CVE Snyk Database #40

Closed
philips opened this issue Dec 3, 2015 · 5 comments
Closed

New Fetcher for NPM CVE Snyk Database #40

philips opened this issue Dec 3, 2015 · 5 comments
Labels
help wanted a good issue for non-maintainers to handle kind/feature request wishes for new functionality/docs priority/someday nice to have

Comments

@philips
Copy link
Contributor

philips commented Dec 3, 2015

look at https://github.com/Snyk/vulndb
@jzelinskie jzelinskie changed the title npm CVE database snyk New Fetcher for NPM CVE Snyk Database Mar 11, 2016
@jzelinskie jzelinskie added help wanted a good issue for non-maintainers to handle kind/feature request wishes for new functionality/docs priority/someday nice to have component/updater labels Mar 11, 2016
@liangchenye
Copy link
Contributor

Working on this.

Using git command to download the vulnerability data in Synk/vulndb/data/npm

@Quentin-M
Copy link
Contributor

Is there any better (automated) database than that?
It looks that they based their work on https://nodesecurity.io, https://retirejs.github.io/retire.js/ and https://blog.osvdb.org/ (which is now shutdown)

@liangchenye
Copy link
Contributor

Oh, yes. nodesecurity.io keeps updating. Synk is slower than it.
We can get all the advisories from https://api.nodesecurity.io/advisories.

@liangchenye liangchenye mentioned this issue Apr 20, 2016
Closed
@Quentin-M
Copy link
Contributor

@liangchenye That souds better to me! It's mentioned on https://nodejs.org/en/security/.

@liangchenye liangchenye mentioned this issue May 16, 2016
Closed
@jzelinskie
Copy link
Contributor

IIRC there were licensing issues with Snyk. I'm going to close this because if we implement nodejs support it's unlikely to be done with this data source.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted a good issue for non-maintainers to handle kind/feature request wishes for new functionality/docs priority/someday nice to have
Milestone
No milestone
Development

No branches or pull requests
4 participants
@philips @jzelinskie @Quentin-M @liangchenye