From 059a27c66140be5894d5289742d8b9f64788e05b Mon Sep 17 00:00:00 2001
From: Leonard Martin
Date: Wed, 1 Aug 2018 16:20:57 +0100
Subject: [PATCH] Add npm audit to ci pipeline

I have created a wrapper for it, because `npm audit` itself _always_ fails if _any_ vulnerabilities are present, and we don't want to fail on low or moderate vulnerabilities. This issue has been PR'ed in npm, so if/when https://github.com/npm/cli/pull/31 is merged and released then the command can be swapped for a basic `npm audit`.
---
 .drone.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index 24e69205..9ad9bfb6 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,6 +10,15 @@ pipeline:
 when:
 event: [push, pull_request, tag]

+ audit:
+ image: node:8
+ secrets:
+ - npm_auth_token
+ commands:
+ - npx @lennym/ciaudit
+ when:
+ event: [push, pull_request, tag]
+
 compile:
 image: node:8
 secrets:
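Review bot: The `- npx @lennym/ciaudit` command in the new `audit` step downloads and runs whatever version of a third-party package the registry serves at build time, in a step that also lists `npm_auth_token` under `secrets`, so a changed or compromised release of the wrapper would execute with that token in its environment. Pin the version, e.g. `- npx @lennym/ciaudit@<pinned-version>`, or add the wrapper to devDependencies so the lockfile fixes its version and integrity hash. If the audit does not need registry authentication (not visible from this hunk), drop the `secrets:` entry from this step; the step also runs on `pull_request` events, so it is worth confirming how the Drone server exposes secrets to pull-request builds. The `compile` step that follows continues outside the hunk.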