Customizing output
lstn commands can produce JSON output using the --json or -q flag. This flexibility allows for a range of use cases such as:
- Defining policy-based rules: filter the required context from verdicts to assert policies. For example, blocking a CI build in case of a dependency with "priority": "critical". Read more about policies here.
- Building workflows on top of verdicts: some examples include integration with a reporting tool, writing to a database, or visualization in a dashboard.
- Feedback during local development: JSON output can be filtered through custom expressions using the built-in -q / --jq utility. One example is to display readable output inside the console, e.g. lstn to react --json | jq
Filtering output using jq
Below are some examples of how the output of lstn commands can be filtered using jq expressions:
Only return packages with verdicts
To return only the packages that have a verdict, use the following command:
lstn to <package-name> --json | jq -c '.[] | select(.verdicts != [])'
Return verdicts based on priority level
To return only the verdicts with a specific priority level, use the following command:
lstn to jq --json | jq -c '.[] | .verdicts[] | select(.priority == "<priority-level>")'
For example, lstn to jq --json | jq -c '.[] | .verdicts[] | select(.priority == "critical")'
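The policy use case from the introduction (blocking a CI build on a verdict with "priority": "critical") can be built on this priority filter. The script below is an added example, not part of the lstn documentation: the JSON shape is assumed from the jq filters on this page, and the function names, package names, "medium" priority and second message are constructed for illustration.

```sh
#!/bin/sh
# Added example: CI gate over `lstn ... --json` output (requires jq).
# Assumed shape: an array of packages, each with .name and .verdicts[];
# each verdict carries .priority, .message and .metadata.

# Constructed sample output, not real lstn data.
SAMPLE_JSON='[
  {"name":"pkg-a","verdicts":[]},
  {"name":"pkg-b","verdicts":[
    {"message":"unexpected outbound connection destination",
     "priority":"critical","metadata":{"server_port":443}},
    {"message":"constructed sample message",
     "priority":"medium","metadata":{}}]}
]'

# Print one "name<TAB>priority<TAB>message" line per verdict whose
# priority equals $1. The priority is passed with --arg, not spliced
# into the jq program text.
matching_verdicts() {
  jq -r --arg p "$1" '
    .[] | .name as $n | .verdicts[]
    | select(.priority == $p)
    | [$n, .priority, .message] | @tsv'
}

# Read lstn JSON on stdin. Returns 0 if no verdict has the given
# priority, 1 if at least one does, and 2 if the input is empty or
# cannot be parsed, so a failed scan is never treated as a clean one.
gate_on_priority() {
  prio=${1:-critical}
  input=$(cat)
  [ -n "$input" ] && hits=$(printf '%s' "$input" | matching_verdicts "$prio") || {
    echo "gate: empty or unparsable lstn output" >&2
    return 2
  }
  if [ -n "$hits" ]; then
    echo "gate: blocking build, verdicts with priority=$prio:" >&2
    printf '%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# CI usage: lstn in <project-directory> --json | gate_on_priority critical
```

Treating empty or malformed input as its own failure code matters in CI: without it, a scan that crashed before printing anything would pass the gate.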
Return verdicts based on a specific package name or version
To return only the entries for a specific package name, use the following command:
lstn in <project-directory> --json | jq -c '.[] | select(.name == "<package-name>")'
For example, lstn to jq --json | jq -c '.[] | select(.name == "lodash")'
Get all verdicts for a specified message
To get all verdicts for a specified message, use the following command:
lstn to jq --json | jq -c '.[] | .verdicts[] | select(.message == "unexpected outbound connection destination")'
Replace "unexpected outbound connection destination" with the message you want to retrieve verdicts for. The output of this command will be a list of verdicts for the specified message.
Return verdicts for the specified metadata value
To return verdicts for a specified metadata value, use the following command:
lstn to <package-name> --json | jq -c '.[] | .verdicts[] | .metadata | select(.<metadata-key> == <metadata-value>)'
For example, lstn to jq --json | jq -c '.[] | .verdicts[] | .metadata | select(.server_port == 443)'
Replace 443 with the metadata value you want to retrieve verdicts for. The output of this command will be a list of verdicts for the specified metadata value.
List the name of all packages
To list the names of all packages, use the following command:
lstn to <package-name> --json | jq -c '.[] | .name'
Return a list of verdicts
To return the list of verdicts for each package, use the following command:
lstn to <package-name> --json | jq -c '.[] | .verdicts'
This combination outputs only packages with verdicts.