ci: Enable npm audit check

feature/default_network_editable
Whymarrh Whitby 5 years ago
parent 569a8e5945
commit ea142a4dd6
  1. 26
      .circleci/config.yml
  2. 12
      .circleci/scripts/npm-audit
  3. 24
      .circleci/scripts/npm-audit-check.js

@ -17,9 +17,9 @@ workflows:
- test-lint:
requires:
- prep-deps-npm
# - test-deps:
# requires:
# - prep-deps-npm
- test-deps:
requires:
- prep-deps-npm
- test-e2e-chrome:
requires:
- prep-deps-npm
@ -156,16 +156,16 @@ jobs:
name: Test
command: npm run lint
# test-deps:
# docker:
# - image: circleci/node:8.11.3-browsers
# steps:
# - checkout
# - attach_workspace:
# at: .
# - run:
# name: Test
# command: sudo npm install -g npm@6 && npm audit
test-deps:
docker:
- image: circleci/node:8.15.1-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: npm audit
command: .circleci/scripts/npm-audit
# test-e2e-beta-drizzle:
# docker:
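Review bot: The `command: .circleci/scripts/npm-audit` line now relies on whatever npm the `circleci/node:8.15.1-browsers` image bundles, whereas the commented-out job it replaces pinned `npm@6` explicitly, and the report shape that `.circleci/scripts/npm-audit-check.js` consumes (`advisories`, `findings[].dev`/`optional`) is the npm 6 `npm audit --json` format as far as I can tell from that script. Nothing in the job records that coupling, so a later image bump to a node release bundling a newer npm could change the JSON shape without any failure here. A comment on the image line, `# npm audit --json schema parsed by scripts/npm-audit-check.js is npm 6's; re-verify the checker when changing this image`, would make the dependency visible. The workflow hunk above only wires `test-deps` after `prep-deps-npm` and needs no change.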

@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
if ! npm audit
then
! npm audit --json > audit.json
printf '%s\n' ''
node .circleci/scripts/npm-audit-check.js
fi
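Review bot: The `! npm audit --json > audit.json` line never confirms that a usable report was written, so a registry or network failure that produces empty or partial output reaches `node .circleci/scripts/npm-audit-check.js` as a `require()` parse error with a stack trace rather than a clear CI message; a guard before the node call, `[ -s audit.json ] || { echo 'npm audit produced no JSON report' >&2; exit 1; }`, keeps the job failing closed with an explanation. The second `npm audit` invocation queries the registry again, so the human-readable output above it and the JSON the checker reads are not guaranteed to describe the same result, which is worth a one-line comment. `printf '%s\n' ''` is an unusual spelling of a blank line; `echo` reads more plainly. The script also assumes it is run from the repository root, since the checker resolves `audit.json` relative to its own directory, which is true for the CircleCI job but could be stated in a comment.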

@ -0,0 +1,24 @@
const path = require('path')
const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
const error = audit.error
const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
if (error) {
process.exit(1)
}
let count = 0
for (const advisory of advisories) {
if (advisory.severity === 'low') {
continue
}
count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
}
if (count > 0) {
console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
process.exit(1)
} else {
console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
}
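Review bot: The `Object.keys(audit.advisories || [])` line makes a report with no `advisories` key look like a clean audit: `count` stays 0, the script prints the "zero advisories" message and exits 0, so a changed or truncated report shape fails open; the script should exit non-zero when the map is absent (npm 6 emits an empty `advisories` object on a clean tree as far as I recall, so requiring the key should be safe). The `advisory.severity === 'low'` gate only skips `low`, so npm's `info`-level advisories are counted and then reported as "moderate or high" by the two `console.log` lines, while `critical` is counted but understated by the same wording; gating on an explicit list and wording the messages "moderate or higher" keeps check and message consistent. The `if (error)` branch exits without printing anything, leaving a registry failure indistinguishable from a script bug. `count += advisory.findings.some(...)` relies on boolean-to-number coercion and throws if an advisory lacks `findings`; the rewrite below keeps to syntax the pinned node 8 image supports.
```javascript
const error = audit.error
const advisories = audit.advisories
if (error) {
  console.error('npm audit reported an error:', JSON.stringify(error))
  process.exit(1)
}
// Fail closed on an unexpected report shape instead of treating it as a clean audit.
if (!advisories || typeof advisories !== 'object') {
  console.error('audit.json has no advisories map; refusing to treat this as a clean audit')
  process.exit(1)
}
const gatedSeverities = ['moderate', 'high', 'critical']
let count = 0
for (const key of Object.keys(advisories)) {
  const advisory = advisories[key]
  if (!gatedSeverities.includes(advisory.severity)) {
    continue
  }
  if ((advisory.findings || []).some((finding) => (!finding.dev && !finding.optional))) {
    count += 1
  }
}
// … unchanged: final count check and console.log lines, reworded to "moderate or higher" …
```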