
Add npm audit resolve command #10

Closed
wants to merge 4 commits into from

Conversation

@naugtur naugtur commented Jul 12, 2018

Add means for a human to resolve issues if they can't be fixed and interactively make decisions about each issue.

See https://npm.community/t/interactive-tool-to-manage-audit-findings-npm-audit-resolve/197

I'm still hoping to discuss this, as I assume I'm not aware of all npm-cli features and modes of operation.

TODO:

  • (partially done) add handling of npm configuration like prefix that I don't know how to do as of now
  • make npm audit use the audit-resolv.json if present
  • fix node6 support (a dependency is using ... syntax)
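The PR description says the goal is a human-driven resolve step whose decisions `npm audit` then honours via an `audit-resolv.json` file. As an added illustration (not code from this PR, from the author's tool, or from npm-cli), the sketch below applies a resolutions file to the JSON that `npm audit --json` produced in npm 6. The resolutions layout (advisory id mapped to a decision, a reason and an expiry date), the advisory ids and the module names are all assumptions constructed for this example; the real `audit-resolv.json` format is not shown on this page.

```javascript
// Added example, not code from the PR or from npm-cli. Shows how an
// "audit resolve" pass could apply human decisions to `npm audit --json`
// findings. The resolutions file layout is an assumption for this example.

// Constructed sample in the shape of npm 6 `npm audit --json` output,
// trimmed to the fields this example reads. Ids and modules are made up.
const sampleAuditReport = {
  advisories: {
    "1001": { id: 1001, module_name: "example-glob", severity: "high",
              title: "Regular Expression Denial of Service",
              findings: [{ version: "2.0.0", paths: ["build-tool>example-glob"] }] },
    "1002": { id: 1002, module_name: "example-merge", severity: "low",
              title: "Prototype Pollution",
              findings: [{ version: "1.3.0", paths: ["example-merge"] }] },
    "1003": { id: 1003, module_name: "example-parser", severity: "moderate",
              title: "Denial of Service",
              findings: [{ version: "0.9.1", paths: ["api>example-parser"] }] },
  },
};

// Constructed resolutions file (hypothetical format). Every "ignore"
// carries a reason and an expiry so accepted risk is reviewed again.
const sampleResolutions = {
  "1002": { decision: "ignore", reason: "dev-only build dependency, not shipped",
            expires: "2018-10-01" },
  "1003": { decision: "ignore", reason: "input is trusted in our deployment",
            expires: "2018-06-01" },   // lapsed before the date used below
  "9999": { decision: "ignore", reason: "advisory no longer reported",
            expires: "2019-01-01" },   // stale: matches nothing in the report
};

// Split the report into findings that still need attention, findings
// covered by a current decision, decisions that have lapsed, and decisions
// that no longer match any reported advisory. Any decision other than
// "ignore" leaves the finding open.
function applyResolutions(report, resolutions, now = new Date()) {
  const result = { open: [], resolved: [], expired: [], stale: [] };
  const seen = new Set();
  for (const adv of Object.values(report.advisories)) {
    const key = String(adv.id);
    seen.add(key);
    const res = resolutions[key];
    const summary = {
      id: adv.id, module: adv.module_name, severity: adv.severity,
      paths: adv.findings.flatMap((f) => f.paths),
    };
    if (!res || res.decision !== "ignore") {
      result.open.push(summary);
    } else if (res.expires && new Date(res.expires) <= now) {
      result.expired.push({ ...summary, reason: res.reason, expires: res.expires });
    } else {
      result.resolved.push({ ...summary, reason: res.reason });
    }
  }
  for (const key of Object.keys(resolutions)) {
    if (!seen.has(key)) {
      result.stale.push({ id: Number(key), reason: resolutions[key].reason });
    }
  }
  return result;
}

// What a CI gate would check: anything open or with a lapsed decision fails.
function auditPasses(result) {
  return result.open.length === 0 && result.expired.length === 0;
}
```

Reading the result is straightforward: `open` is what a person still has to decide on, `expired` forces the earlier decision to be revisited rather than silently extended, and `stale` entries are candidates for removal so the resolutions file does not accumulate dead exceptions.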

@naugtur naugtur requested a review from a team as a code owner July 12, 2018 18:18
@naugtur naugtur changed the title Audit resolver Add npm audit resolve command Jul 12, 2018
@zkat zkat force-pushed the release-next branch 2 times, most recently from 614c234 to 322d9c2 July 13, 2018 17:46
@zkat zkat added security semver:minor new backwards-compatible feature labels Jul 18, 2018
@zkat zkat requested a review from evilpacket July 23, 2018 20:48
@zkat zkat (Contributor) commented Jul 23, 2018

Hey @naugtur! We just met to talk about this stuff and how to handle this PR. The conclusion is a couple of points:

  1. This is definitely the sort of thing we want, and it's really awesome that you took the initiative to do this. It was already on our roadmap, so it does get some level of priority. Thank you!
  2. This needs a full-fledged RFC and some back-and-forth discussions between you, @evilpacket, and @iarna, so we can suss out all the little decisions and details for this thing's behavior.
  3. The client library should live under the npm github org for what we consider to be security reasons, and follow our standard repo practices (which we can help you set up). Obvs, you'd be given write access to that repo :)
  4. I'm going to close this specific PR because of the above decisions that need to be made, and I look forward to getting this feature into the CLI!

@zkat zkat closed this Jul 23, 2018
@zkat zkat reopened this Jul 26, 2018
@zkat zkat closed this Jul 26, 2018
@zkat zkat removed the in-progress label Jul 26, 2018
@naugtur naugtur (Author) commented Jul 29, 2018

Sounds legit.
I'll start the RFC in a day or two.

It'd be nice, since it's an interactive tool, to get some feedback from people using it in the wild. I wonder how to put my early version in front of some people as a trusted-tester stage for the resolver.
I'll include that concern in the RFC, let's not keep this thread going here.

@dead-claudia

@naugtur Could you post a comment here once you've done that, so I can subscribe to the RFC discussion?

@naugtur naugtur (Author) commented Jul 31, 2018

Sure, I wanted to have it posted already, but it's a little intimidating and I feel like I need to write a lot :)

@naugtur naugtur (Author) commented Aug 5, 2018

The RFC is up. Hope it was worth the wait...
npm/rfcs#18

cc @isiahmeadows
