Skip to content

aaronmccall/cvss

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

cvss

A CommonJS library for working with Common Vulnerability Scoring System vectors and scores.

Install

npm i cvss

Usage

var cvss = require('cvss');

var score = cvss.getScore('CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L');

console.log(score) // => 6.2

var rating = cvss.getRating(score);

console.log(rating) // => Medium

#getScore [String or Object input], [Object options (optional)]

This is the main scoring method. It may be called with either a valid CVSS3 vector string ('CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L') or an object containing the key/value pairs ({ AV: 'P', AC: 'H', PR: 'N', UI:'R', S: 'C', C: 'L', I: 'H', A: 'L' }) corresponding to one as its input parameter.

The optional options parameter controls whether validation errors throw or not and whether optional temporal and environmental metrics are considered in score calculation

options

  • throw: if validation returns an error, throw the error
  • baseOnly: only consider base metrics when calculating score
  • temporal: include temporal metrics when calculating score
  • env: include temporal AND environmental metrics when calculating score (both are included per CVSS3 spec)

#getBaseScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the baseOnly option.

#getTemporalScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the temporal option.

#getEnvironmentalScore [String or Object input], [Object options (optional)]

Accepts the same arguments as getScore above, but enforces the environmental option.

#getRating [Number score]

Given a numeric score, returns the appropriate CVSS3 severity rating for that number: None for scores < 0.1, Low for scores >= 0.1 and < 4, Medium for scores >=4 and < 7, High for scores >= 7 and < 9, Critical for scores >= 9.

#getBase [String or Object input], [Object options (optional)]

Returns an object with the base score and its rating. Equivalent to

{
    score: getBaseScore(input),
    rating: getRating(getBaseScore(input))
}

#getEnvironmental [String or Object input], [Object options (optional)]

Returns an object with the environmental score and its rating. Equivalent to

{
    score: getEnvironmentalScore(input),
    rating: getRating(getEnvironmentalScore(input))
}

#getTemporal [String or Object input], [Object options (optional)]

Returns an object with the environmental score and its rating. Equivalent to

{
    score: getTemporalScore(input),
    rating: getRating(getTemporalScore(input))
}

#getAll [String or Object input], [Object options (optional)]

Returns object with the score and rating for all three scores:

{
    base: getBase(input),
    temporal: getTemporal(input),
    environmental: getEnvironmental(input)
}

About

A CommonJS library for working with Common Vulnerability Scoring System vectors and scores.

Resources

Readme

License

ISC license
Activity

Stars

11 stars

Watchers

4 watching

Forks

8 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages