The OSCAL npm package is a command-line interface tool and wrapper for working with OSCAL (Open Security Controls Assessment Language) documents. It provides an easy way to install, update, and use the Java-based OSCAL CLI and OSCAL Server tools.
- Serves as a wrapper around the Java-based OSCAL CLI and OSCAL Server
- Provides an npm-based installation method for OSCAL CLI and OSCAL Server
- Offers functionality to validate, convert, resolve, and scaffold OSCAL documents
- Allows easy version management and switching between OSCAL CLI versions
To use the OSCAL npm package, follow these steps:
- Install the package globally:
```bash
npm install oscal -g
```
- This will install the OSCAL npm package, which will then download and set up the latest version of the OSCAL CLI and OSCAL Server tools.
The OSCAL npm package provides the following commands:
To validate an OSCAL document:
```bash
oscal validate -f <path_to_oscal_document>
oscal validate -f <path_to_oscal_document> -e fedramp
```
To convert an OSCAL document between XML, JSON, and YAML formats:
```bash
oscal convert -f <path_to_input_file> -o <path_to_output_file>
```
To resolve an OSCAL profile:
```bash
oscal resolve -i <paths> -o <path_to_output_directory>
```
To scaffold an OSCAL package:
```bash
oscal scaffold -o <path_to_output>
```
To start the OSCAL Server:
```bash
oscal server start
```
To switch to or install a specific OSCAL CLI version:
```bash
oscal use <version>
```
You can also use OSCAL functions directly in your JavaScript or TypeScript code:
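```javascript
import { validate, fedrampValidationOptions } from 'oscal';

const document = {
  // Your OSCAL JSON document here
};

async function validateDocument() {
  try {
    // Validate the document using the FedRAMP validation options exported by the package
    const result = await validate(document, fedrampValidationOptions);
    if (result.isValid) {
      console.log('The document is valid.');
    } else {
      console.log('The document is invalid. Errors:');
      // errors may be absent, so use optional chaining before iterating
      result.errors?.forEach(error => console.log(error));
    }
  } catch (error) {
    // Thrown errors mean validation itself failed to run, not that the document is invalid
    console.error('An error occurred during validation:', error);
  }
}

validateDocument();
```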
The OSCAL npm package relies on the following key dependencies:
- commander: For parsing command-line arguments
- xml2js: For parsing and converting XML
- inquirer: For interactive prompts
- cucumber: For running tests
- java: For running oscal-cli and oscal-server
Contributions to the OSCAL npm package are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.
The OSCAL npm package is open-source software licensed under the MIT License.