🚀 Introducing x2y-guardian
A professional **command-line tool** for **cross-language dependency vulnerability scanning and analysis**. Built by **x2y dev tools** | Leverages the **OSV (Open Source Vulnerability) database** for precise vulnerability data.
🔗 Links
- **GitHub Repository:** https://github.com/x2yDevs/x2y-guardian
- **npm Package:** https://www.npmjs.com/package/x2y-guardian
- **More x2y Tools:** https://x2ydevs.xyz
📝 Description
**x2y-guardian** is designed for developers and security teams who want a unified solution for scanning projects across multiple languages and package managers. By leveraging the **OSV (Open Source Vulnerability) database** and aggregating data from key security advisories, it provides accurate, up-to-date vulnerability information for dependencies, ensuring safe and secure software projects.
✨ Key Features
- **Multi-language Support**: Scan JavaScript/Node.js, Python, Java (Maven, Gradle), Go, Rust, PHP, and Ruby projects with a single tool.
- **Precise Vulnerability Matching**: Accurate mapping of vulnerabilities to package versions using the OSV schema.
- **Comprehensive Audit**: Detects outdated dependency versions in all supported ecosystems.
- **Advanced Parsing**: Supports complex scenarios like nested modules, dev-dependencies, Maven `dependencyManagement`, `replace` directives in Go, and `Gemfile`/`Gemfile.lock` in Ruby.
- **Multiple Output Formats**: Console output for development and JSON for easy integration into CI/CD pipelines.
- **Cross-platform**: Compatible with Windows, macOS, and Linux.
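As an added illustration of the version matching described above (this is example code, not x2y-guardian's own implementation), the following walks OSV-schema `affected` ranges for an npm manifest and emits findings as JSON, the shape a CI step would consume. The package names, advisory id and versions are all constructed.

```javascript
// Added example, not x2y-guardian's own code: OSV-schema version matching for npm
// dependencies, the core step of a scan. Data below is constructed; pre-release tags are ignored.
function cmpSemver(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  return 0;
}
// Walk an OSV SEMVER range's ordered events: `introduced` (or "0") at or below the version
// opens a vulnerable window, `fixed` at or below it closes the window, and
// `last_affected` closes it for anything strictly greater.
function inRange(version, range) {
  if (range.type !== "SEMVER") return false;
  let affected = false;
  for (const ev of range.events) {
    if ("introduced" in ev) {
      if (ev.introduced === "0" || cmpSemver(ev.introduced, version) <= 0) affected = true;
    } else if ("fixed" in ev && cmpSemver(ev.fixed, version) <= 0) affected = false;
    else if ("last_affected" in ev && cmpSemver(ev.last_affected, version) < 0) affected = false;
  }
  return affected;
}
// Check each dependency of a parsed package.json against npm advisories. Specifiers like
// "^0.3.0" are reduced to their base version; a real scan should use lockfile versions.
function scanPackageJson(pkg, advisories) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const version = spec.replace(/^[\^~=v]/, "");
    for (const adv of advisories) {
      for (const aff of adv.affected) {
        if (aff.package.ecosystem !== "npm" || aff.package.name !== name) continue;
        if ((aff.versions || []).includes(version) || (aff.ranges || []).some((r) => inRange(version, r)))
          findings.push({ package: name, version, id: adv.id, summary: adv.summary });
      }
    }
  }
  return findings;
}
// Constructed sample input: one manifest and one OSV-style record with a placeholder id.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { "example-lib": "1.4.2", "other-lib": "2.0.0" },
  devDependencies: { "example-lib-tools": "^0.3.0" },
};
const SAMPLE_ADVISORIES = [{
  id: "EXAMPLE-OSV-0001", summary: "Constructed example advisory for example-lib",
  affected: [{ package: { ecosystem: "npm", name: "example-lib" }, ranges: [{ type: "SEMVER",
    events: [{ introduced: "0" }, { fixed: "1.5.0" }, { introduced: "2.0.0" }, { fixed: "2.0.3" }] }] }],
}];
// JSON output, the shape a CI step would consume (compare `--output json`).
console.log(JSON.stringify(scanPackageJson(SAMPLE_PACKAGE_JSON, SAMPLE_ADVISORIES), null, 2));
```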
🌐 Supported Ecosystems
| Language/Ecosystem | Files Scanned | Package Manager |
|---|---|---|
| JavaScript/Node.js | package.json | npm |
| Python | requirements.txt, pyproject.toml | pip |
| Java | pom.xml, build.gradle, build.gradle.kts | Maven, Gradle |
| Go | go.mod | Go Modules |
| Rust | Cargo.toml | Cargo |
| PHP | composer.json | Composer |
| Ruby | Gemfile, Gemfile.lock | RubyGems |
🚀 Installation
Install globally via npm:

```bash
npm install -g x2y-guardian
```
🛠️ Usage
Commands
- `x2y-guardian hello`: Display a friendly greeting and check basic functionality.
- `x2y-guardian scan`: Scan the current project directory for dependency vulnerabilities.
- `x2y-guardian audit`: Audit dependencies to detect outdated versions.
Scanning Examples
Use the `--path` and `--output` flags to customize your scan:

```bash
# Display greeting
x2y-guardian hello

# Scan current project in the default console format
x2y-guardian scan

# Scan a specific path with console output
x2y-guardian scan --path /path/to/your/project --output console

# Scan a specific path and output results as JSON
x2y-guardian scan --path /path/to/your/project --output json

# Audit dependencies for outdated versions
x2y-guardian audit
```
📚 Data Sources
**x2y-guardian** aggregates and normalizes vulnerability data from various authoritative sources, adopting the **OSV (Open Source Vulnerability) schema** for maximum accuracy and compatibility:
- GitHub Security Advisories
- PyPA (Python Package Authority)
- RustSec (Rust Security Advisory Database)
- Global Security Database
⚖️ License
This project is licensed under the **MIT License**, the same as the core x2y SDK. See the LICENSE file for full details.
📦 Package Information
Install: npm i x2y-guardian
Repository: github.com/x2yDevs/x2y-guardian
Homepage: x2ydevs.xyz
Weekly Downloads: 110
Version: 1.0.2
License: MIT
Unpacked Size: 51.3 kB
Total Files: 5