Share
## https://sploitus.com/exploit?id=46CD767C-AB3D-556B-BF5F-EBD8687ED062
# audit-axios

Scan local repos for vulnerable axios versions and patch interactively.

Targets [**CVE-2026-40175**](https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx) โ€” CRLF Header Injection leading to Request Smuggling & SSRF. CVSS 9.9, affects all axios < 1.15.0.

## Quick Start

```bash
npx audit-axios ~/Workspace ~/Projects
```

## Usage

```bash
# Interactive โ€” checkbox select + bulk action
audit-axios ~/Workspace ~/Projects

# Scan only (CI-friendly, exit code 1 if vulnerable)
audit-axios --scan-only ~/Workspace

# Auto-patch everything
audit-axios --auto-patch ~/Workspace ~/Projects

# Custom minimum version
audit-axios --min-version 1.16.0 --target "^1.16.0" ~/Workspace
```

## Interactive Controls

| Key | Action |
|-----|--------|
| `space` | Toggle select/deselect |
| `a` | Select all |
| `n` | Deselect all |
| `j/k` or arrows | Navigate |
| `enter` | Confirm โ†’ choose action |
| `q` | Quit |

## Options

| Flag | Description | Default |
|------|-------------|---------|
| `--scan-only` | Report only, no prompts | โ€” |
| `--auto-patch` | Patch all without prompting | โ€” |
| `--min-version` | Minimum safe version | `1.15.0` |
| `--target` | Target version spec | `^1.15.0` |

## Features

- Zero dependencies โ€” Node.js built-ins only
- Auto-detects npm, yarn, pnpm (including `packageManager` field)
- Monorepo workspace-aware (pnpm-workspace.yaml, yarn workspaces)
- Severity labels (CRITICAL / HIGH / MEDIUM) based on version gap
- CI mode with `--scan-only` (exit 1 on vulnerability found)

## License

MIT