-
-
Notifications
You must be signed in to change notification settings - Fork 749
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add nsp support to all packages & plugins. #187
Comments
👍 I haven't use nsp before but sounds like a good idea to me. |
That sounds good. Can you run nsp against this repo and show how it looks? |
Did you get a chance to test it out? I would figure that all we need to do is add it as an NPM script. |
Nope. I didn't try it out, yet. I'll try it now. |
It looks like they currently only make it easy to use a command line utility, but the gulp-nsp project shows how we could create an npm script to run the nsp package: https://github.com/nodesecurity/gulp-nsp/blob/master/index.js |
Why couldn't you just install the command line as a devDependency and run it from an NPM script? |
Oh yeah. Yep it works: |
As an npm script you won't even have to add |
You're right. Where's the best place to integrate it? At the end of |
|
Actually, running it directly works It doesn't need the extra script. |
I copied the list to the first comment. We've only updated feathers core, so far. |
All plugins have a PR. |
@marshallswain what's the issue with nedb? Would be nice to close this issue out. |
Looks like @daffl fixed it. |
👍 |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue with a link to this issue for related bugs. |
I think it's a good idea to add this into the build/publishing process so we get alerts of vulnerabilities that pop up. What do you guys think? @feathersjs/core-team
https://nodesecurity.io/tools
We need to do this to each of these:
The text was updated successfully, but these errors were encountered: