npm audit widget is a dashboard widget for Azure DevOps (TFS) dashboards that displays npm audit results.
- Critical: Address immediately
- High: Address as quickly as possible
- Moderate: Address as time allows
- Low: Address at your discretion
Note: You must be on npm v6.1.0 or greater
Publishing npm audit results on Azure DevOps
See: Azure DevOps Example
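jobs:
- job: Windows
  steps:
  - task: NodeTool@0
    displayName: 'Install Node.js'
  - script: npm i npm -g
    displayName: 'update npm'
  - script: npm -v
    displayName: 'check version'
  - script: npm install
    displayName: 'npm install'
  # npm audit exits non-zero when it finds issues, which fails this step
  - script: npm audit --json > audit.json
  - task: PublishBuildArtifacts@1
    displayName: 'Publish Artifact: audit_results'
    inputs:
      # path and name follow the audit command and the display name above
      pathToPublish: '$(System.DefaultWorkingDirectory)/audit.json'
      artifactName: audit_results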
Publishing npm audit results on TFS (2017)
Create an npm task with the following arguments
- working folder:
$/[path to application root (folder with package.json)]
- npm command:
--json > audit.json
- Optional: use --json > audit.json & exit 0 if you don't want the task to fail when the audit returns security issues.
Create a publish build artifacts task with the following arguments
- Path to Publish:
$/[path to application root (folder with package.json)]/audit.json
- Artifact Name:
- Artifact Type:
Make sure the npm task comes before the publish task
Save and Queue a build
Install the widget from the marketplace
Add the widget to the dashboard
Configure the widget by choosing a build that is publishing
The widget should display the total number of issues as well as the number of issues by type.
The color of the widget is determined by the severity.
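The summary described above (total issues, issues per severity, highest severity present) can be reproduced from the published audit.json. This is an added example, not the widget's own code; the function names are hypothetical, and it assumes the metadata.vulnerabilities counts that npm audit --json emits.

```javascript
// Severity names in npm audit's metadata.vulnerabilities, lowest first.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Guidance text from the severity list on this page ("info" is not listed there).
const GUIDANCE = {
  critical: 'Address immediately',
  high: 'Address as quickly as possible',
  moderate: 'Address as time allows',
  low: 'Address at your discretion',
};

// Summarize the text of audit.json: total, count per severity, worst severity.
function summarizeAudit(text) {
  let report;
  try {
    report = JSON.parse(text);
  } catch (e) {
    // An empty or truncated file usually means the audit step never wrote output.
    throw new Error('audit.json is not valid JSON: ' + e.message);
  }
  if (report === null || typeof report !== 'object') throw new Error('audit.json is not a JSON object');
  // When the audit cannot run, npm prints an error object instead of a report.
  if (report.error) throw new Error('npm audit failed: ' + (report.error.summary || report.error.code || 'unknown'));
  const counts = report.metadata && report.metadata.vulnerabilities;
  if (!counts) throw new Error('metadata.vulnerabilities is missing');
  const bySeverity = {};
  let total = 0;
  let worst = null;
  for (const level of LEVELS) {
    const n = Number(counts[level]) || 0;
    bySeverity[level] = n;
    total += n;
    if (n > 0) worst = level; // LEVELS is ascending, so the last hit is the worst
  }
  return { total, bySeverity, worst, guidance: worst ? GUIDANCE[worst] || null : null };
}

// True when at least one finding is at or above the given severity.
function exceeds(summary, threshold) {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error('unknown severity: ' + threshold);
  return LEVELS.slice(min).some((level) => summary.bySeverity[level] > 0);
}

// Constructed sample input, not output from a real project.
const SAMPLE = '{"metadata":{"vulnerabilities":{"info":0,"low":3,"moderate":2,"high":1,"critical":0}}}';
console.log(summarizeAudit(SAMPLE));
```

Running a check like exceeds() in a step after the publish task lets the build fail on a chosen severity while audit.json is still published for the widget.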