| Param | Values | Default | Description |
|---|---|---|---|
| mode | | | |

`contextStore`

`npm outdated --json`, `pip list --outdated --format=json`, `cargo outdated --format=json`

`import`, `require`

`references/vulnerability_commands.md`, `shared/references/cvss_severity_mapping.md`, `shared/references/audit_scoring.md`

```json
{
  "category": "Dependencies & Reuse",
  "mode": "full",
  "score": 7,
  "total_issues": 12,
  "critical": 1,
  "high": 3,
  "medium": 5,
  "low": 3,
  "checks": [
    {"id": "outdated_packages", "name": "Outdated Packages", "status": "failed", "details": "2 packages behind major versions"},
    {"id": "unused_deps", "name": "Unused Dependencies", "status": "warning", "details": "4 unused dev dependencies"},
    {"id": "available_natives", "name": "Available Natives", "status": "passed", "details": "No unnecessary polyfills"},
    {"id": "custom_implementations", "name": "Custom Implementations", "status": "warning", "details": "2 custom utilities found"},
    {"id": "vulnerability_scan", "name": "Vulnerability Scan (CVE)", "status": "failed", "details": "1 critical, 2 high vulnerabilities"}
  ],
  "findings": [
    {
      "severity": "CRITICAL",
      "location": "package.json",
      "issue": "lodash@4.17.15 has CVE-2021-23337 (CVSS 7.2)",
      "principle": "Security / Vulnerability Management",
      "recommendation": "Update to lodash@4.17.21",
      "effort": "S",
      "fix_type": "patch"
    },
    {
      "severity": "HIGH",
      "location": "package.json:15",
      "issue": "express v4.17.0 (current: v4.19.2, 2 major versions behind)",
      "principle": "Dependency Management / Security Updates",
      "recommendation": "Update to v4.19.2 for security fixes",
      "effort": "M"
    }
  ]
}
```

| File | Purpose |
|---|---|
| | Ecosystem-specific audit commands |
| | CI/CD integration guidance |
| | CVSS to severity level mapping |
| | Audit scoring formula |
| | Audit output schema |