# `NPM.Security.Audit`
[🔗](https://github.com/elixir-volt/npm_ex/blob/v0.7.4/lib/npm/security/audit.ex#L1)

Security audit for npm packages.

Checks installed packages against known vulnerabilities.
This module provides the data structures and analysis logic;
the actual advisory data would come from the npm audit API.

# `advisory`

```elixir
@type advisory() :: %{
  id: non_neg_integer(),
  title: String.t(),
  severity: severity(),
  vulnerable_versions: String.t(),
  patched_versions: String.t() | nil,
  url: String.t() | nil
}
```

# `finding`

```elixir
@type finding() :: %{
  package: String.t(),
  installed_version: String.t(),
  advisory: advisory()
}
```

# `severity`

```elixir
@type severity() :: :critical | :high | :moderate | :low | :info
```

# `check`

```elixir
@spec check(map(), [advisory()]) :: [finding()]
```

Checks a lockfile against a list of advisories.

Returns findings — packages that match vulnerable version ranges.

# `compare_severity`

```elixir
@spec compare_severity(severity(), severity()) :: :gt | :lt | :eq
```

Compares two severity levels. Returns `:gt`, `:lt`, or `:eq`.

# `filter_by_severity`

```elixir
@spec filter_by_severity([finding()], severity()) :: [finding()]
```

Filters findings by minimum severity level.

# `fixable?`

```elixir
@spec fixable?(finding()) :: boolean()
```

Checks if a finding has a patch available.

# `format_finding`

```elixir
@spec format_finding(finding()) :: String.t()
```

Formats a finding as a human-readable string.

# `summary`

```elixir
@spec summary([finding()]) :: %{
  total: non_neg_integer(),
  critical: non_neg_integer(),
  high: non_neg_integer(),
  moderate: non_neg_integer(),
  low: non_neg_integer(),
  fixable: non_neg_integer()
}
```

Returns a summary of audit findings.
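The functions documented above are only given as specs here. The following is an added, self-contained Elixir illustration of the same audit flow (match installed versions against advisory ranges, filter by minimum severity, flag fixable findings, summarise); it is not the `npm_ex` library's own code. It assumes a lockfile already reduced to a `%{name => version}` map, an extra `package:` key on each advisory (the `advisory()` type on this page does not say how an advisory is tied to a package), and npm-style comparator ranges such as `<4.17.21` or `>=1.0.0 <1.3.1` joined with `||`; `^`/`~` shorthands are not translated. Package names, versions and advisory ids in the sample data are constructed.

```elixir
# Added illustration of the audit logic described by NPM.Security.Audit's specs.
# Not the library's code; see the assumptions in the lead-in.
defmodule AuditExample do
  @severity_rank %{critical: 4, high: 3, moderate: 2, low: 1, info: 0}

  # Constructed sample lockfile, already reduced to name => installed version.
  @lockfile %{
    "demo-utils" => "4.17.15",
    "demo-parser" => "1.2.6",
    "demo-yaml" => "1.3.0"
  }

  # Constructed advisories. `package:` is an assumed extra field; ids are placeholders.
  @advisories [
    %{id: 1001, package: "demo-utils", title: "Prototype pollution in demo-utils",
      severity: :high, vulnerable_versions: "<4.17.21", patched_versions: ">=4.17.21",
      url: "https://advisories.example/1001"},
    %{id: 1002, package: "demo-parser", title: "Argument injection in demo-parser",
      severity: :critical, vulnerable_versions: "<1.2.6", patched_versions: ">=1.2.6",
      url: nil},
    %{id: 1003, package: "demo-yaml", title: "ReDoS in demo-yaml",
      severity: :low, vulnerable_versions: ">=1.0.0 <1.3.1", patched_versions: nil,
      url: nil}
  ]

  # npm ranges use whitespace for AND and "||" for OR; Elixir's Version
  # requirements spell these "and" / "or". Also drop any space between an
  # operator and its version so "< 4.17.21" and "<4.17.21" split the same way.
  def to_requirement(npm_range) do
    npm_range
    |> String.replace(~r/([<>=~!]+)\s+/, "\\1")
    |> String.split("||")
    |> Enum.map(fn conj -> conj |> String.split() |> Enum.join(" and ") end)
    |> Enum.join(" or ")
  end

  # Fail loudly on a range we cannot parse: silently skipping it would hide a
  # potentially vulnerable package from the audit.
  def vulnerable?(version, npm_range) do
    case Version.parse_requirement(to_requirement(npm_range)) do
      {:ok, req} -> Version.match?(version, req)
      :error -> raise ArgumentError, "unparsable vulnerable range: #{inspect(npm_range)}"
    end
  end

  # One finding per (installed package, matching advisory) pair.
  def check(lockfile, advisories) do
    for {name, version} <- lockfile,
        adv <- advisories,
        adv.package == name,
        vulnerable?(version, adv.vulnerable_versions) do
      %{package: name, installed_version: version, advisory: adv}
    end
  end

  def compare_severity(a, b) do
    cond do
      @severity_rank[a] > @severity_rank[b] -> :gt
      @severity_rank[a] < @severity_rank[b] -> :lt
      true -> :eq
    end
  end

  # Keep findings whose severity is at least `min`.
  def filter_by_severity(findings, min) do
    Enum.filter(findings, &(compare_severity(&1.advisory.severity, min) != :lt))
  end

  # Fixable means the advisory names a patched range to upgrade into.
  def fixable?(%{advisory: %{patched_versions: nil}}), do: false
  def fixable?(_finding), do: true

  def format_finding(f) do
    fix = if fixable?(f), do: "fix: upgrade to #{f.advisory.patched_versions}", else: "no fix available"
    "[#{f.advisory.severity}] #{f.package}@#{f.installed_version}: #{f.advisory.title} (#{fix})"
  end

  # Counts per severity plus how many findings have an upgrade path; :info
  # findings count toward total but have no bucket in the summary shape.
  def summary(findings) do
    base = %{total: length(findings), critical: 0, high: 0, moderate: 0, low: 0,
             fixable: Enum.count(findings, &fixable?/1)}

    Enum.reduce(findings, base, fn f, acc ->
      case f.advisory.severity do
        s when s in [:critical, :high, :moderate, :low] -> Map.update!(acc, s, &(&1 + 1))
        _ -> acc
      end
    end)
  end

  # Run the whole pipeline on the constructed data; `min_severity` is the gate
  # a CI job would typically fail on.
  def run(min_severity \\ :low) do
    findings = @lockfile |> check(@advisories) |> filter_by_severity(min_severity)
    Enum.each(findings, &IO.puts(format_finding(&1)))
    summary(findings)
  end
end

IO.inspect(AuditExample.run(), label: "summary")
```

With the constructed data, `demo-parser` at 1.2.6 is exactly the patched version and produces no finding, while `demo-utils` (high, fixable) and `demo-yaml` (low, no patch) are reported; raising `AuditExample.run(:high)` drops the low finding, which is the gate most pipelines use for a failing build.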

---

*Consult [api-reference.md](api-reference.md) for complete listing*
