Add npm audit hook to CI #118

Closed
marutypes opened this issue May 18, 2018 · 3 comments
Labels
Area: Security 🔑 Effort: low good first issue Good for newcomers Impact: medium Type: Feature Request 🙌 Request a new feature or changes to an existing one

Comments

@marutypes
Contributor

We should keep our libraries secure from known bad packages. We can use npm audit in our CI as a step towards this goal.

@marutypes
Contributor Author

We can't actually use this yet unless we switch off of yarn :(

@TzviPM TzviPM added Type: Feature Request 🙌 Request a new feature or changes to an existing one and removed automation labels Aug 28, 2018
@michenly
Contributor

There is a command called yarn audit to use for this now.

@GoodForOneFare
Member

fwiw, my current project hasn't found yarn audit to be very usable because:

  • It fails on any flagged dependency (even if it's an info warning, and you've set --level critical)
  • It fails on deeply nested dependencies that would require multiple PRs in multiple repos to solve

So the effort involved in this would be:

  • Adding a wrapper that ignores exit codes that aren't >= --level (or a PR to change Yarn's behaviour!)
  • Constantly rabbit-holing through PRs in multiple 3rd party repos
  • Also adding a 💩-list to the wrapper that unblocks CI while the above PRs churn

So I'm not saying it's useless, but it's not a 🎁 killer feature 😞

@keyfer keyfer closed this as completed Sep 23, 2020
michenly pushed a commit that referenced this issue Feb 25, 2021
Update generateSchemaTypes to group import and export statements