Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Make npm audit fail the tests #4803

Closed
ianb opened this issue Aug 22, 2018 · 1 comment · Fixed by #4948
Closed

Make npm audit fail the tests #4803

ianb opened this issue Aug 22, 2018 · 1 comment · Fixed by #4948
Milestone
Stretch

Comments

@ianb
Copy link
Contributor

ianb commented Aug 22, 2018

In #4617 (specifically a5935e1) we added npm audit and removed nsp (per #4704). But npm audit is run like npm audit || true, as we have failures we can't reasonably fix. We should reenable it as something that can make the CI tests fail.

I personally would propose we use npm audit --json | ./bin/some_ignoring_script where write some_ignoring_script to parse the JSON and ignore some packages we don't care to fix. E.g., jpm has a dependency (open) with a "critical error" that I feel confident we can ignore (because it is only used in our build system, never with untrusted input).
@ianb ianb mentioned this issue Aug 22, 2018
Closed
@g-k g-k mentioned this issue Aug 22, 2018
Closed
@clouserw clouserw added this to the Stretch milestone Aug 29, 2018
@pdehaan pdehaan mentioned this issue Sep 17, 2018
Merged
@jvehent jvehent mentioned this issue Sep 17, 2018
Open
42 tasks
@g-k
Copy link
Contributor

g-k commented Sep 20, 2018
edited
Loading

We have a handful of projects with this problem in https://bugzilla.mozilla.org/show_bug.cgi?id=147611, so I took a stab at this here: https://github.com/mozilla-services/audit-filter

Let me know if that works for screenshots.

@g-k g-k mentioned this issue Sep 24, 2018
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Stretch
Development

Successfully merging a pull request may close this issue.

Fix npm audit fail issue 4803 mozilla-services/screenshots
3 participants
@ianb @clouserw @g-k