eco-guardian

eco-guardian

eco-guardian is a Node.js CLI vulnerability scanner for local dependency inventories across 16 ecosystems:

• npm, Maven, Gradle, NuGet, VSCode extensions, Python, Go
• Ruby, Rust, PHP, Dart, Elixir, C/C++ (Conan), Haskell, Swift, R

It discovers dependency manifests locally, queries OSV (plus npm advisory cross-checks for npm packages), and enriches Java findings with NVD data using parallel CPE queries with pagination and keyword-search version verification.

Setup

Run without cloning

npx github:boredom1234/eco-guardian

You can also invoke it directly if you have the package available via npx:

npx eco-guardian

Run from source

npm install
node eco-guardian.js

Usage

node eco-guardian.js [flags]

Examples:

node eco-guardian.js --path ./my-project --severity high
node eco-guardian.js --ecosystems scan-all
node eco-guardian.js --ecosystems npm,maven,gradle,nuget,vscode,python,go,ruby,rust,php,dart,elixir,conan,haskell,swift,r
node eco-guardian.js --graph-resolution --ecosystems npm,maven,gradle
node eco-guardian.js --ecosystems gradle --graph-resolution --gradle-task :application:dependencies --path ./service
node eco-guardian.js --nvd-mode on --ecosystems maven,gradle
node eco-guardian.js --nvd-mode on --ecosystems maven --nvd-api-key xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# Or via environment variable:
set NVD_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx && node eco-guardian.js --ecosystems maven,gradle --graph-resolution
node eco-guardian.js --no-nvd --ecosystems gradle
node eco-guardian.js --export-html report.html --export-sarif report.sarif
node eco-guardian.js --baseline .eco-guardian-baseline.json --strict-baseline
node eco-guardian.js --watch --notify-on-severity high
node eco-guardian.js --ui

Flags

Flag	Description
--path <dir>	Scan a specific directory.
--global-only	Scan only global npm installs.
--ecosystems <list|scan-all>	Comma-separated list or scan-all for all 16 ecosystems (default: npm).
--graph-resolution	Resolve dependency graphs with ecosystem-native resolvers.
--ui	Launch a local browser UI for generating CLI commands.
--gradle-task <task>	Gradle dependencies task to execute for graph resolution (e.g. :app:dependencies).
--dependency-check-mode	Compatibility alias for --nvd-mode on.
--nvd-mode <auto|on|off>	NVD enrichment mode for Java ecosystems (maven, gradle). Default: auto.
--no-nvd	Disable NVD enrichment.
--nvd-api-key <key>	NVD API key for higher rate limits (also reads NVD_API_KEY env).
--severity <level>	Minimum severity: low, moderate, high, critical.
--json	Print findings JSON to stdout.
--banner <on|off>	Toggle CLI chrome/progress output.
--no-cache	Disable local cache reads/writes.
--fix	Generate fix scripts (npm, maven, nuget, python, go, ruby, rust, php, dart, elixir, r).
--export-txt <file>	Export TXT report.
--export-html <file>	Export HTML report.
--export-sarif <file>	Export SARIF 2.1.0 report.
--export-json <file>	Export JSON report.
--export-csv <file>	Export CSV report.
--baseline <file>	Apply baseline suppression file.
--write-baseline <file>	Write current findings as a baseline.