Skip to content

Common Vulnerability Scoring System (CVSS) made its way to the JS ecosystem

License

Notifications You must be signed in to change notification settings

pandatix/js-cvss

Repository files navigation

JS-CVSS

NPM
License CI CodeQL
OpenSSF Scoreboard

js-cvss is another Common Vulnerability Scoring System (CVSS) implementation, in TypeScript.

Note

Specified by first.org, the CVSS provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

It currently supports :

Warning

It won't support CVSS v1.0, as despite it was a good CVSS start, it can't get vectorized, abbreviations and enumerations are not strongly specified, so the cohesion and interoperability can't be satisfied.

How to use

From your project, you can add @pandatix/js-cvss to your NPM dependencies using the following.

npm install '@pandatix/js-cvss' -D

Then, from your code, import what you need (let's say `CVSS40``) and go on !

import { CVSS40 } from '@pandatix/js-cvss';

...

let vec = CVSS40('CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L');
console.log(vec.Score());