
node-audit-formatter

Parse JSON audit reports from your favourite NodeJS package managers and convert them into common report formats like JUnit.


Many modern CI systems support parsing unit test reports and showing the results immediately in the build overview (example). Besides test frameworks, many other tools like linters and static analyzers support generating reports in these same formats as well.

Sadly, none of the commonly used NodeJS package managers have support for generating audit reports in these formats, all of them resorting to their own undocumented JSON output or plain CLI output.

This tiny utility takes the JSON audit report output from these package managers and converts it to the JUnit or CTRF format.

✨ Features

Supported package managers

The JSON audit report output from the following package managers is supported:

  • Bun
  • NPM
  • PNPM
  • Yarn (classic, v1)
  • Yarn (berry, v3/v4)

Supported output formats

  • JUnit
  • CTRF

🚀 How to use

node-audit-formatter is written in TypeScript and runs on the Bun runtime. Make sure you have Bun installed before you continue. Installation instructions can be found here.

# Go to your project
cd /path/to/your/project

# Audit using Bun
bun audit --json | bunx node-audit-formatter bun -o audit.junit.xml

# Audit using NPM
npm audit --json | bunx node-audit-formatter npm -o audit.junit.xml

# Audit using PNPM
pnpm audit --json | bunx node-audit-formatter pnpm -o audit.junit.xml

# Audit using Yarn (v3/v4)
yarn npm audit --json | bunx node-audit-formatter yarn -o audit.junit.xml

# Audit using Yarn classic (v1)
yarn audit --json | bunx node-audit-formatter yarn-classic -o audit.junit.xml
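To make the conversion concrete, here is an added example (not the project's own code) of the mapping such a tool performs for one input: it reads the npm >= 7 audit JSON layout (`auditReportVersion: 2`, a top-level `vulnerabilities` object keyed by package name, each entry carrying `severity`, `range` and a `via` array that mixes advisory objects with plain package names for transitive causes) and emits a JUnit `testsuite` with one `testcase` per vulnerable package. The `failAt` threshold, the type names and the sample report are this example's own assumptions; the advisory identifier and URL in the sample are constructed placeholders.

```typescript
// Added example, not code from node-audit-formatter: minimal npm audit JSON -> JUnit XML.
// Assumes the npm >= 7 audit JSON layout ("auditReportVersion": 2).

type NpmSeverity = "info" | "low" | "moderate" | "high" | "critical";

interface NpmAdvisory {
  source: number;
  name: string;
  title: string;
  url: string;
  severity: NpmSeverity;
  range: string;
}

interface NpmVulnerability {
  name: string;
  severity: NpmSeverity;
  isDirect: boolean;
  via: Array<NpmAdvisory | string>; // advisory objects, or package names for transitive causes
  range: string;
  nodes: string[];
}

interface NpmAuditReport {
  auditReportVersion: number;
  vulnerabilities: Record<string, NpmVulnerability>;
}

interface JUnitCase {
  name: string;
  failure?: { message: string; detail: string };
}

const SEVERITY_RANK: Record<NpmSeverity, number> = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Advisory titles and version ranges contain "<" and "&"; they must be escaped before landing in XML.
function escapeXml(s: string): string {
  const map: Record<string, string> = { "<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&apos;" };
  return s.replace(/[<>&"']/g, (c) => map[c]);
}

// One test case per vulnerable package. Packages below the `failAt` threshold (an assumed
// knob, not a node-audit-formatter option) are still listed, but as passing cases.
function auditToCases(report: NpmAuditReport, failAt: NpmSeverity = "low"): JUnitCase[] {
  if (report.auditReportVersion !== 2) {
    throw new Error(`unsupported audit report version ${report.auditReportVersion}`);
  }
  const cases: JUnitCase[] = [];
  for (const vuln of Object.values(report.vulnerabilities)) {
    const name = `${vuln.name}@${vuln.range}`;
    if (SEVERITY_RANK[vuln.severity] < SEVERITY_RANK[failAt]) {
      cases.push({ name });
      continue;
    }
    const advisories = vuln.via.filter((v): v is NpmAdvisory => typeof v !== "string");
    const detail = advisories.length
      ? advisories.map((a) => `${a.title} (${a.severity}) ${a.url}`).join("\n")
      : `vulnerable through ${vuln.via.join(", ")}`; // transitive-only entry: via holds package names
    cases.push({ name, failure: { message: `${vuln.severity} severity in ${vuln.name}`, detail } });
  }
  return cases;
}

function casesToJUnit(cases: JUnitCase[], suite = "npm audit"): string {
  const failures = cases.filter((c) => c.failure !== undefined).length;
  const body = cases
    .map((c) => {
      const open = `  <testcase name="${escapeXml(c.name)}" classname="${escapeXml(suite)}"`;
      if (!c.failure) return `${open}/>`;
      const failure = `<failure message="${escapeXml(c.failure.message)}">${escapeXml(c.failure.detail)}</failure>`;
      return `${open}>\n    ${failure}\n  </testcase>`;
    })
    .join("\n");
  return `<?xml version="1.0" encoding="UTF-8"?>\n<testsuite name="${escapeXml(suite)}" tests="${cases.length}" failures="${failures}">\n${body}\n</testsuite>\n`;
}

// Constructed sample report: package names, advisory id and URL are placeholders, not real advisories.
const SAMPLE_REPORT: NpmAuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-lib": {
      name: "example-lib",
      severity: "high",
      isDirect: true,
      via: [{
        source: 1000001,
        name: "example-lib",
        title: "Prototype pollution in merge()",
        url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx",
        severity: "high",
        range: "<1.2.3",
      }],
      range: "<1.2.3",
      nodes: ["node_modules/example-lib"],
    },
    "example-dep": {
      name: "example-dep",
      severity: "low",
      isDirect: false,
      via: ["example-lib"],
      range: "*",
      nodes: ["node_modules/example-dep"],
    },
  },
};

console.log(casesToJUnit(auditToCases(SAMPLE_REPORT)));
```

Running it prints a two-case suite with both cases failing; passing `"moderate"` as the threshold turns the low-severity transitive entry into a passing case while keeping the report, which is the behaviour you want when a CI dashboard should list everything but only fail the build on what matters.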

GitHub Actions

name: my-workflow
jobs:
  my-audit-job:
    name: my-audit-job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v6
      - uses: oven-sh/setup-bun@v2

      - run: |
          mkdir -p reports
          npm audit --json > reports/audit.json
      - run: bunx node-audit-formatter npm -i reports/audit.json -o reports/audit.junit.xml
        if: ${{ !cancelled() }}
      - uses: actions/upload-artifact@v4
        if: ${{ !cancelled() }}
        with:
          name: my-audit-report
          path: reports/audit.junit.xml

CircleCI

version: 2.1

jobs:
  my-audit-job:
    docker:
      - image: cimg/node:current
    steps:
      - checkout
      - run: npm install -g bun
      - run:
          command: |
            mkdir -p reports
            npm audit --json > reports/audit.json
      - run:
          command: bunx node-audit-formatter npm -i reports/audit.json -o reports/audit.junit.xml
          when: always
      - store_test_results:
          path: reports

workflows:
  my-workflow:
    jobs:
      - my-audit-job

Gitlab

stages:
  - audit

my-audit-job:
  stage: audit
  image: node
  before_script:
    - npm install -g bun
  script:
    - mkdir -p reports
    - npm audit --json > reports/audit.json
  after_script:
    - if [ "$CI_JOB_STATUS" = "canceled" ]; then exit 0; fi
    - bunx node-audit-formatter npm -i reports/audit.json -o reports/audit.junit.xml
  artifacts:
    when: always
    paths:
      - reports/audit.junit.xml
    reports:
      junit: 'reports/audit.junit.xml'

Buildkite

steps:
  - label: ":npm: Audit"
    plugins:
      - docker#5.13.0:
          image: node
          shell:
            - "/bin/bash"
            - "-e"
            - "-c"
    command: |
      npm install -g bun
      mkdir -p reports
      exit_code=0
      npm audit --json > reports/audit.json || exit_code=$?
      bunx node-audit-formatter npm -i reports/audit.json -o reports/audit.junit.xml
      exit $exit_code
    artifact_paths:
      - "reports/audit.junit.xml"
  - wait: ~
    continue_on_failure: true
  - plugins:
      - junit-annotate#v2.7.0:
          artifacts: reports/*.junit.xml

License

MIT - see LICENSE
