Reputation: 31
I'm trying to find out if there's a way to get a vulnerability report of all Bower packages, like when you run `npm audit` and you get a full report of vulnerable dependencies.
If anyone knows it, that would be awesome.
I've tried Google, YouTube and Snyk, so far no luck.
Upvotes: 3
Views: 366
Reputation: 800
Unfortunately there is not an equivalent command to run for Bower.
If you have a relatively small number of dependencies you could run `bower list` to get a list of your dependencies and then manually check the versions against known exploits, but the best approach would probably be to migrate away from Bower to another package manager like Yarn or NPM.
Bower itself recommends switching to Yarn and there are tools like [bower-away](https://github.com/sheerun/bower-away) that can help with the process.
Once you have migrated to Yarn or NPM you will then be able to run their audit tools.
This is potentially useful even if you don't actually get your application running with the new package manager, since you just need to get it to a state where you can run the audit against the list of comparable dependencies - it may not get you identical results, but could be enough to help highlight problematic packages.
Upvotes: 0
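The answer's last paragraph suggests getting the dependency list into a shape that `npm audit` or `yarn audit` will accept, without necessarily making the application run under the new package manager. The script below is an added example of that shim approach; it is not code from the thread, from Bower, or from bower-away. It reads a `bower.json` (a constructed sample is embedded), maps each Bower version specifier onto an npm range, and writes a throwaway `package.json`. It assumes the Bower package name is also the npm package name, which holds for many libraries (jquery, lodash, moment) but is not guaranteed; the mapping of `v`-prefixed tags and `latest` is a heuristic of this example, and git, file and URL sources are reported as skipped because the npm registry cannot audit them.

```python
"""Build a package.json shim from bower.json so that `npm audit` can be run.

Added example, not from the original Q&A.  Assumes Bower and npm package
names coincide; anything that is not a registry version range is skipped
and reported so it can be checked by hand.
"""
import json
import re

# Constructed sample bower.json for demonstration (not from the thread).
SAMPLE_BOWER_JSON = """
{
  "name": "legacy-frontend",
  "dependencies": {
    "jquery": "~1.11.0",
    "lodash": "^3.10.1",
    "moment": "v2.10.6",
    "angular": "latest",
    "bootstrap": "*",
    "my-widget": "git://github.com/example/my-widget.git#v0.3.0",
    "local-thing": "file:../local-thing"
  },
  "devDependencies": {
    "jasmine": "2.3.4"
  }
}
"""

# ~1.2.3, ^1.2, v2.10.6, 1.2.3-beta.1 ... (optional tilde/caret, optional "v")
SEMVER_RANGE = re.compile(r"^[~^]?v?\d+(\.\d+){0,2}(-[0-9A-Za-z.-]+)?$")
NON_REGISTRY = re.compile(r"^(git|git\+|https?:|file:|\.|/)")


def normalise_spec(spec: str):
    """Map a Bower version specifier onto an npm one.

    Returns the npm range, or None when the source is a git/file/URL
    reference that the npm registry audit cannot resolve.
    """
    spec = spec.strip()
    if spec in ("", "*", "latest"):
        return "*"                      # audit the newest published version
    if SEMVER_RANGE.match(spec):
        # Bower accepts git tags like "v2.10.6"; npm ranges want "2.10.6".
        prefix = spec[0] if spec[0] in "~^" else ""
        return prefix + spec[len(prefix):].lstrip("v")
    if NON_REGISTRY.match(spec) or "/" in spec or "#" in spec:
        return None                     # git URL, local path, tarball, ...
    return spec                         # ">=1.2.0 <2.0.0", "1.x" are valid in both


def bower_to_package_json(bower_text: str):
    """Return (package_json_dict, skipped) for the given bower.json text."""
    bower = json.loads(bower_text)
    package = {
        "name": bower.get("name", "bower-audit-shim"),
        "version": "0.0.0",
        "private": True,                # never publish the shim by accident
        "dependencies": {},
        "devDependencies": {},
    }
    skipped = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in bower.get(section, {}).items():
            npm_spec = normalise_spec(spec)
            if npm_spec is None:
                skipped.append((name, spec))
                continue
            package[section][name] = npm_spec
    return package, skipped


def main():
    package, skipped = bower_to_package_json(SAMPLE_BOWER_JSON)
    with open("package.json", "w", encoding="utf-8") as fh:
        json.dump(package, fh, indent=2)
    for name, spec in skipped:
        print(f"skipped {name}: {spec!r} is not a registry version, check it by hand")
    print("wrote package.json; next: npm install --package-lock-only && npm audit")


if __name__ == "__main__":
    main()
```

Run it in an empty directory, then `npm install --package-lock-only && npm audit` (or `yarn install && yarn audit` with Yarn 1) to get the report without installing `node_modules`. If a Bower name does not exist on npm the install will fail with a 404; drop that entry and check it manually. The opposite failure is quieter and more dangerous: a Bower name that exists on npm but refers to a different project, whose advisories would be reported under your package's name. So treat the output as a lead to confirm against the upstream project's changelog, as the answer notes, not as a definitive result.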