v1.6.1

What's Changed

• chore: remove debug dependency by @RafaelGSS in #25
• Replace undici with native https.request by @trivikr in #26
• Replace @pkg/nv with https.request call by @trivikr in #27

New Contributors

• @trivikr made their first contribution in #26

Full Changelog: v1.6.0...v1.6.1

v1.6.0

What's Changed

• feat: add support to old versions of Node.js by @RafaelGSS in #23

Full Changelog: v1.5.0...v1.6.0

v1.5.0

What's Changed

• test: add BadBatchBug check by @RafaelGSS in #17
• feat: display cve severity on reporter by @RafaelGSS in #18

Full Changelog: v1.4.1...v1.5.0

v1.4.1

What's Changed

• Bump node to v20 by @theboolean in #16

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• Update node version in action.yml: v16 -> v18 by @theboolean in #15

New Contributors

• @theboolean made their first contribution in #15

Full Changelog: v1.3.0...v1.4.0

v1.3.0

What's Changed

• feat: added platform validation by @UlisesGascon in #12
  npx is-my-node-vulnerable now checks if the public CVE affects your operating system

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• test: add latest release to test by @RafaelGSS in #10
• Add Github Action capabilities by @UlisesGascon in #11

Github Action capabilities 🎉

Example:

• Passing for Node.js 18.14.1,
• Failing for Node.js 8.0.0,

Using it

name: "Node.js Vulnerabilities"
on: 
  schedule:
    - cron: "0 0 * * *"
jobs:
  is-my-node-vulnerable:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check Node.js
        uses: RafaelGSS/[email protected]
        with:
          node-version: "18.14.1"

New Contributors

• @UlisesGascon made their first contribution in #11

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

• chore: add repository field to package.json by @srl295 in #4
• fix: drop required node to <=14.0.0 by @srl295 & @ljharb in #6
• chore: add v12 to ci by @srl295 in #7
• feat: add end-of-life support by @srl295 & @RafaelGSS in #8

New Contributors

• @srl295 made their first contribution in #4
• @ljharb made their first contribution in #6

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Worried about the security of your Node.js installation? This package is here to help!

It checks for known vulnerabilities by comparing your installed version to the Node.js Security Database and alerts you if any are found. Try it with:

$ npx is-my-node-vulnerable

Including it in your CI might be a good fit :)

v1.0.0-2

Full Changelog: v1.0.0-0...v1.0.0-2