Automated security patch applicator for Node.js dependencies
Keeping Node.js dependencies up-to-date and secure can be a time-consuming and risky process. Manual updates may introduce breaking changes, while delaying updates leaves projects vulnerable to security threats.
node-auto-patcher automates the process of detecting vulnerabilities, testing patches, and applying them safely, reducing the risk of both security vulnerabilities and breaking changes.
- Automated vulnerability detection using npm-check-updates
- Sandbox testing of patches using Docker
- Scheduled patch cycles with node-cron
- Easy integration with existing Node.js projects
- CLI command for testing specific packages
npm install -g node-auto-patcher- Global CLI command:
node-auto-patcher test <package-name> <version>
const AutoPatcher = require("node-auto-patcher");
const config = {
packageJsonPath: "./package.json",
sandboxDir: "./sandbox",
patchSchedule: "0 0 * * *",
};
const autoPatcher = new AutoPatcher(config);
autoPatcher.start();Customize the behavior by modifying the config object:
packageJsonPath: Path to your project's package.jsonsandboxDir: Directory for sandbox testingpatchSchedule: Cron schedule for automated patching
- axios
- node-cron
- semver
- npm-check-updates
- docker-cli-js
Make sure you have Docker installed on your system for sandbox testing.
We welcome contributions! Please follow these steps:
- Fork the repository
- Create a new branch
- Make your changes
- Submit a pull request
For major changes, please open an issue first to discuss the proposed changes.
MIT