Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: Delay local cache update n seconds for critical|high|moderate|low & major|minor|patch #186

Open
datocrats-org opened this issue Oct 15, 2019 · 0 comments
Open

FR: Delay local cache update n seconds for critical|high|moderate|low & major|minor|patch #186

datocrats-org opened this issue Oct 15, 2019 · 0 comments

Comments

@datocrats-org
Copy link

Detailed Description

For the criticality of any security vulnerabilities from npm audit set update listener settings to t seconds

Context

  • To mitigate errors during intial commit of new minor versions or patches, delay any updates to the local-npm server until t seconds after the commit.
  • Ignore major versions, go ahead and cache those right away
  • Allow for different rules for any combination of semver release type major|minor|patch|any and vulnerability priority low|moderate|high|critical|any
  • Suggestion: set default delay times, example commands
--delay-updates -p=critical -semver=any -t=0
# delay 24 hours
--delay-updates -p=high -semver=minor -t=86400
# delay high 12 hours
--delay-updates -p=high -semver=patch -t=43200

Customized risk acceptance and vulnerability mitigation speed
@datocrats-org datocrats-org changed the title FR: Delay local cache update n seconds for critical|high|medium|low & major|minor|patch FR: Delay local cache update n seconds for critical|high|moderate|low & major|minor|patch Oct 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@datocrats-org