0.0.1 • Published 5 years ago
audit-cache v0.0.1
Intro
`npm audit` is great but...
1. there's no way to whitelist advisories so you don't see them again, and
2. if you run it all the time (e.g. as part of CI) it'll block you.
Usage
- Run `npx @medic/audit-dependencies audit`. This will run `npm audit`. If you have any advisories, either fix them, or add the IDs to the `permitted` array in the `.auditrc.json` file, then run `audit` again.
- In your CI add a step for `npx @medic/audit-dependencies check`. This will check your `package-lock.json` against the one that's been verified and fail if it's changed.
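
The two-step flow above, sketched as an added example (not the package's own code). It assumes the npm 6 `npm audit --json` shape, with an `advisories` object keyed by ID, and that the verified lockfile is tracked as a SHA-256 hash; the function names and sample data are constructed for illustration.

```javascript
// Added illustration; not the source of @medic/audit-dependencies.
const crypto = require('node:crypto');

// Hash the lockfile text so any change to the resolved dependencies is detectable.
function lockHash(lockfileText) {
  return crypto.createHash('sha256').update(lockfileText).digest('hex');
}

// "audit" step: list advisories whose IDs are not in the permitted array.
// Only when none remain is the lockfile hash recorded as verified (assumed storage).
function audit(report, rc, lockfileText) {
  const permitted = new Set((rc.permitted || []).map(String));
  const blocking = Object.keys(report.advisories || {})
    .filter((id) => !permitted.has(id))
    .sort();
  return blocking.length > 0
    ? { ok: false, blocking, verifiedHash: null }
    : { ok: true, blocking, verifiedHash: lockHash(lockfileText) };
}

// "check" step: no audit is run; it fails if the lockfile differs from the
// verified one, or if nothing has been verified yet.
function check(verifiedHash, lockfileText) {
  return verifiedHash !== null && verifiedHash === lockHash(lockfileText);
}

// Constructed sample data (advisory IDs and package names are made up).
const sampleReport = {
  advisories: {
    1001: { module_name: 'example-a', severity: 'high' },
    1002: { module_name: 'example-b', severity: 'low' },
  },
};
const sampleLock = JSON.stringify({
  name: 'demo',
  lockfileVersion: 1,
  dependencies: { 'example-a': { version: '1.0.0' } },
});

// Stands in for .auditrc.json; only the `permitted` array is known from the page.
const sampleRc = { permitted: [1001, 1002] };
```

Under this model a passing check only says the dependencies are unchanged since the last audit; advisories published afterwards surface when `audit` is run again.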