Search for Package Vulnerabilities

Search the OSS Index for known package vulnerabilities in any of the supported ecosystems— e.g. CRAN, PyPI, Conda, NPM, Maven, etc. see https://ossindex.sonatype.org/ecosystems for full list.

audit(pkg, version, type, verbose = TRUE)

Arguments

pkg	A vector of package names to search in the OSS Index.
version	The specific package version to search for. By default it will search all known versions. If not `*`, must be the same length as pkg.
type	The package management environment. For R packages, set equal to "cran". This defaults to `"cran"`. See https://ossindex.sonatype.org/ecosystems.
verbose	Default `TRUE`.

Examples

# \donttest{
pkg = c("abind", "acepack")
version = c("1.4-5", "1.4.1")
audit(pkg, version, type = "cran")
#> ℹ Using cached results for 0 packages
#> 
#> ── Calling sonatype API: https://www.sonatype.com/ ──
#> 
#> → No Sonatype tokens found
#> ℹ Calling API: batch 1 of 1
#> 
#> ── Vulnerability overview ──
#> 
#> ℹ 2 packages were scanned
#> ℹ 0 packages had known vulnerabilities
#> ℹ A total of 0 known vulnerabilities were identified
#> ℹ See https://github.com/sonatype-nexus-community/oysteR/ for details.
#> # A tibble: 2 x 8
#>   package version type  oss_package  description    reference    vulnerabilities
#>   <chr>   <chr>   <chr> <chr>        <chr>          <chr>        <list>         
#> 1 abind   1.4-5   cran  pkg:cran/ab… "abind:  Comb… https://oss… <list [0]>     
#> 2 acepack 1.4.1   cran  pkg:cran/ac… "acepack:  AC… https://oss… <list [0]>     
#> # … with 1 more variable: no_of_vulnerabilities <int>
# }