Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

@pandatix/js-cvss

pandatix4.3kMIT0.4.4TypeScript support: included

JavaScript implementation of the CVSS (Common Vulnerability Scoring System) standard from FIRST.ORG.

javascript, typescript, npm, jest, cvss, cvssv4

readme

JS-CVSS

NPM
License CI CodeQL
OpenSSF Scoreboard

js-cvss is another Common Vulnerability Scoring System (CVSS) implementation, in TypeScript.

Note

Specified by first.org, the CVSS provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

It currently supports :

  • <input checked="" disabled="" type="checkbox"> CVSS 2.0
  • <input checked="" disabled="" type="checkbox"> CVSS 3.0
  • <input checked="" disabled="" type="checkbox"> CVSS 3.1
  • <input checked="" disabled="" type="checkbox"> CVSS 4.0

Warning

It won't support CVSS v1.0, as despite it was a good CVSS start, it can't get vectorized, abbreviations and enumerations are not strongly specified, so the cohesion and interoperability can't be satisfied.

How to use

From your project, you can add @pandatix/js-cvss to your NPM dependencies using the following.

npm install '@pandatix/js-cvss' -D

Then, from your code, import what you need (let's say CVSS40`) and go on !

import { CVSS40 } from '@pandatix/js-cvss';

...

let vec = CVSS40('CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L');
console.log(vec.Score());