Closed Chris-Turner-NIST closed 5 months ago
pandatix
commented
7 months ago Hey Christopher, what about https://github.com/pandatix/js-cvss aka NPM @pandatix/js-cvss ?
Chandan used it for Vulnogram upcoming release and was very happy about it :)
I think a better solution would be to refactor the calculator to split up the core value (CVSS V4 functionalities) from the GUI.
Chris-Turner-NIST
commented
7 months ago Hey Lucas, thanks for the quick response! We are currently looking into this repository for our calculator page and were already aware of the hard work you did for https://github.com/pandatix/js-cvss. Our preference is to avoid using two sets of "truth". As you seem to understand, the way things are currently written aren't friendly for alternative use cases of the CVSS v4 functionalities.
Re:
I think a better solution would be to refactor the calculator to split up the core value (CVSS V4 functionalities) from the GUI.
No disagreement here 😄
skontar
commented
7 months ago If someone would try to integrate js-cvss into this project or make a different attempt to decouple math from GUI so it still runs without build steps, then I would be happy to look at it.
MattBudz
commented
7 months ago Also in for this. I'm not using vue (nor do I want to) and I need to implement v4 into a Rails app. The previous v3.0 and v3.1 were a lot more developer-friendly. I'll take a look at js-cvss but it'd be nice to run the official script.
skontar
commented
7 months ago @MattBudz You could use https://github.com/RedHatProductSecurity/cvss as a base. It is written in Python and has a lot of tests for v4.0 generated using the Javascript implementation.
Would it be possible to refactor this code so the CVSS V4 score function can be called as a JavaScript function without the dependency on Vue?