🤖
OSV 扫描器
通过分析依赖关系并报告相关的 CVE,使用 Google OSV API 扫描 Node.js/NPM 和 Linux 软件包中已知的漏洞。
安全通过
⚙️脚本
技能说明
IMPORTANT !!!!
change ScanResult file extension from txt -> xlsx located in template
🔍 NPM & Node.js Vulnerability Scanner (OSV API)
A lightweight tool that scans your Node.js/NPM dependencies and Linux Packages for known vulnerabilities by using the Google OSV API. It reads your project packages and instantly returns any related CVEs.
🧠 How It Works
- Reads
packages/package.json/packages/package.txt - Collects all dependency names and versions
- Sends them to the OSV API
- Receives and displays any vulnerabilities (CVEs) affecting those packages
Linux
- python3 -m venv .venv
- pip install requests openpyxl
- source .venv/bin/activate
- copy packages.json to /packages folder and name it exactly like this 'packages.json' for nodejs otherwise for python use this command:
- pip freeze > packages.txt
- python3 scanner.py npm
Windows
- python3 -m venv .venv
- pip install requests openpyxl
- ./.venv/Script/Activate.ps1
- copy packages.json to /packages folder and name it exactly like this 'packages.json' for nodejs otherwise for python use this command:
- pip freeze > packages.txt
- python3 scanner.py npm
如何使用「OSV 扫描器」?
- 打开小龙虾AI(Web 或 iOS App)
- 点击上方「立即使用」按钮,或在对话框中输入任务描述
- 小龙虾AI 会自动匹配并调用「OSV 扫描器」技能完成任务
- 结果即时呈现,支持继续对话优化