dep-scan
[v6] binary download is not reported for phantomjs-prebuilt
This is a bit tricky since the download URL is constructed in one place and passed to the request-progress dependency to perform the actual download.
https://github.com/Medium/phantomjs/blob/master/package.json#L38
https://github.com/Medium/phantomjs/blob/af7ba2a4e3b51f835302fafc0091ed2be6a27e1a/lib/util.js#L92
https://github.com/Medium/phantomjs/blob/af7ba2a4e3b51f835302fafc0091ed2be6a27e1a/install.js#L147
https://github.com/Medium/phantomjs/blob/af7ba2a4e3b51f835302fafc0091ed2be6a27e1a/install.js#L227
❯ python depscan/cli.py --purl "pkg:npm/[email protected]" --reports-dir /tmp/reports
Risk Audit Summary (npm)
╔═════════════════════════════════════════════════╤═════════════════╤═════════════════════════════╤══════════════════════════════════════════════════╗
║ Package │ Used? │ Risk Score │ Identified Risks ║
╟─────────────────────────────────────────────────┼─────────────────┼─────────────────────────────┼──────────────────────────────────────────────────╢
║ phantomjs-prebuilt │ N/A │ 0.12 │ ❌ Deprecated ║
║ │ │ │ ⚠ No recent updates ║
╚═════════════════════════════════════════════════╧═════════════════╧═════════════════════════════╧══════════════════════════════════════════════════╝
INFO [2024-06-26 07:49:36,358] No oss vulnerabilities detected ✅
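An added example, not dep-scan's code and not part of the original report: one way to flag an install-time download when the URL is built in one file and the network call is made in another, by correlating evidence across every file reachable from the npm lifecycle scripts. The `SAMPLE` package is constructed (it is not phantomjs-prebuilt's source), and the function names, module list and regex heuristics are assumptions.

```python
import json
import posixpath
import re

# Constructed sample package (not phantomjs-prebuilt's real source).
SAMPLE = {
    "package.json": '{"scripts": {"install": "node install.js"}}',
    "install.js": "var request = require('request-progress')\n"
                  "var util = require('./lib/util')\n"
                  "request(util.getDownloadUrl())\n",
    "lib/util.js": "exports.getDownloadUrl = function () {\n"
                   "  return 'https://example.invalid/demo-' + process.platform + '.zip'\n}\n",
}
NET_MODULES = {"http", "https", "request", "request-progress", "node-fetch", "axios", "got"}
REQUIRE_RE = re.compile(r"""require\(\s*['"]([^'"]+)['"]\s*\)""")
NODE_CMD_RE = re.compile(r"\bnode\s+([\w./-]+)")
HINT_RE = re.compile(r"""['"](?:https?://[^'"]*|[^'"]*\.(?:zip|tar\.gz|tar\.bz2|tgz|exe))['"]""")


def resolve(files, base_dir, spec):
    """Map a script path or relative require() to a file inside the package."""
    path = posixpath.normpath(posixpath.join(base_dir, spec))
    return next((c for c in (path, path + ".js", path + "/index.js") if c in files), None)


def install_time_download(files):
    """Evidence that lifecycle scripts reach both a network module and a URL/archive literal."""
    scripts = json.loads(files["package.json"]).get("scripts", {})
    cmds = " ".join(scripts.get(h, "") for h in ("preinstall", "install", "postinstall"))
    todo = [resolve(files, "", m) for m in NODE_CMD_RE.findall(cmds)]
    seen, net, hints = set(), set(), set()
    while todo:
        path = todo.pop()
        if path is None or path in seen:
            continue
        seen.add(path)
        for spec in REQUIRE_RE.findall(files[path]):
            if spec.startswith("."):  # local module: follow it
                todo.append(resolve(files, posixpath.dirname(path), spec))
            elif spec in NET_MODULES:  # network-capable dependency
                net.add((path, spec))
        if HINT_RE.search(files[path]):
            hints.add(path)
    # Sink and URL may live in different files, so correlate across the reachable set.
    if net and hints:
        return {"network": sorted(net), "url_hints": sorted(hints)}
    return None
```

On the sample, the network module is found in `install.js` and the URL literal in `lib/util.js`; a per-file check that requires both in the same file would miss it.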