A professional command-line tool for cross-language dependency vulnerability scanning and analysis. Built by x2y dev tools | Leverages the OSV (Open Source Vulnerability) database for precise vulnerability data.
- GitHub Repository: https://github.com/x2yDevs/x2y-guardian
- npm Package: https://www.npmjs.com/package/x2y-guardian
- More x2y Tools: https://x2ydevs.xyz
x2y-guardian is designed for developers and security teams who want a unified solution for scanning projects across multiple languages and package managers. By leveraging the OSV (Open Source Vulnerability) database and aggregating data from key security advisories, it provides accurate, up-to-date vulnerability information for dependencies, ensuring safe and secure software projects.
- Multi-language Support: Scan JavaScript/Node.js, Python, Java (Maven, Gradle), Go, Rust, PHP, and Ruby projects with a single tool.
- Precise Vulnerability Matching: Accurate mapping of vulnerabilities to package versions using the OSV schema.
- Comprehensive Audit: Detects outdated dependency versions in all supported ecosystems.
- Advanced Parsing: Supports complex scenarios like nested modules, dev-dependencies, Maven dependencyManagement, replace directives in Go, and Gemfile/Gemfile.lock in Ruby.
- Multiple Output Formats: Console output for development and JSON for easy integration into CI/CD pipelines.
- Cross-platform: Compatible with Windows, macOS, and Linux.
| Language/Ecosystem | Files Scanned | Package Manager |
|---|---|---|
| JavaScript/Node.js | package.json | npm |
| Python | requirements.txt, pyproject.toml | pip |
| Java | pom.xml, build.gradle, build.gradle.kts | Maven, Gradle |
| Go | go.mod | Go Modules |
| Rust | Cargo.toml | Cargo |
| PHP | composer.json | Composer |
| Ruby | Gemfile, Gemfile.lock | RubyGems |
Install globally via npm:

```bash
npm install -g x2y-guardian
```

- x2y-guardian hello: Display a friendly greeting and check basic functionality.
- x2y-guardian scan: Scan the current project directory for dependency vulnerabilities.
- x2y-guardian audit: Audit dependencies to detect outdated versions.
Use the --path and --output flags to customize your scan:
```bash
# Display greeting
x2y-guardian hello

# Scan current project in the default console format
x2y-guardian scan

# Scan a specific path with console output
x2y-guardian scan --path /path/to/your/project --output console

# Scan a specific path and output results as JSON
x2y-guardian scan --path /path/to/your/project --output json

# Audit dependencies for outdated versions
x2y-guardian audit
```
x2y-guardian aggregates and normalizes vulnerability data from various authoritative sources, adopting the OSV (Open Source Vulnerability) schema for maximum accuracy and compatibility:
- GitHub Security Advisories
- PyPA (Python Package Authority)
- RustSec (Rust Security Advisory Database)
- Global Security Database
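How version-to-advisory matching works under the OSV schema, which the "Precise Vulnerability Matching" feature and the data sources above both rely on, as an added example that is not x2y-guardian's own code. The advisory record, the package name `demo-lib`, the id `EXAMPLE-0001` and the function names are constructed for illustration.

```javascript
// Added example (not x2y-guardian's own code): matching dependency versions
// against OSV-schema advisories. Advisory, package name and id are constructed.
// Dotted numeric compare (1.2.3 style); pre-release tags are dropped, so this is
// exact for SEMVER ranges and only approximate for ECOSYSTEM ranges (PEP 440, Maven).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}
const atLeast = (v, start) => start === '0' || compareVersions(v, start) >= 0;

// An OSV range is a sorted event list: "introduced" opens an interval and the next
// "fixed" (exclusive) or "last_affected" (inclusive) closes it; an interval never
// closed covers every later version. GIT ranges need commit data and are skipped.
function versionInRange(version, range) {
  if (range.type !== 'SEMVER' && range.type !== 'ECOSYSTEM') return false;
  let start = null;
  for (const ev of range.events) {
    if ('introduced' in ev) {
      if (start !== null && atLeast(version, start)) return true;
      start = ev.introduced;
    } else if (start !== null && ('fixed' in ev || 'last_affected' in ev)) {
      const inside = 'fixed' in ev ? compareVersions(version, ev.fixed) < 0
                                   : compareVersions(version, ev.last_affected) <= 0;
      if (atLeast(version, start) && inside) return true;
      start = null;
    }
  }
  return start !== null && atLeast(version, start);
}

// Constructed advisory: demo-lib is affected below 1.2.0 and from 2.0.0 up to,
// but not including, 2.1.0. EXAMPLE-0001 is a placeholder, not a real OSV id.
const SAMPLE_ADVISORIES = [{ id: 'EXAMPLE-0001', affected: [{
  package: { ecosystem: 'npm', name: 'demo-lib' },
  ranges: [{ type: 'SEMVER', events: [{ introduced: '0' }, { fixed: '1.2.0' },
                                      { introduced: '2.0.0' }, { fixed: '2.1.0' }] }],
}] }];

// deps: [{ name, version }] as read from a lockfile; one hit per matching advisory.
function findVulnerabilities(deps, advisories = SAMPLE_ADVISORIES, ecosystem = 'npm') {
  return deps.flatMap((dep) => advisories
    .filter((adv) => adv.affected.some((aff) =>
      aff.package.ecosystem === ecosystem && aff.package.name === dep.name &&
      aff.ranges.some((r) => versionInRange(dep.version, r))))
    .map((adv) => ({ name: dep.name, version: dep.version, id: adv.id })));
}
console.log(findVulnerabilities([{ name: 'demo-lib', version: '1.0.0' }, { name: 'demo-lib', version: '1.5.0' }]));
```

A real scanner would feed `findVulnerabilities` the parsed lockfile and advisories fetched for each ecosystem, and would use an ecosystem-aware comparator for ECOSYSTEM ranges.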
This project is licensed under the MIT License, the same as the core x2y SDK. See the LICENSE file for full details.