-
Set up a CI workflow that runs npm audit on every pull request to identify vulnerabilities in dependencies and ensure secure libraries are being used.
-
```
# npm audit report
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
Depends on vulnerable versions of lodash
fix available via …
```
-
Ran `npm install`, which raised audit errors; ran `npm audit`, and these spit out.
```bash
# npm audit report
axios
```
-
Any plans to update dependencies to fix npm audit issues?
-
found 905 vulnerabilities (66 low, 14 moderate, 824 high, 1 critical) in 38434
scanned packages
run `npm audit fix` to fix 841 of them.
64 vulnerabilities require semver-major …
-
https://github.com/orangespaceman/phx/actions/runs/11059114928/job/30726682384?pr=114
Install Dependencies step failing with the following:
```
npm WARN EBADENGINE Unsupported engine {
npm WAR…
```
-
What would have to happen to run `npm audit` inside the nix sandbox?
-
When running the tool in a CI workflow there are situations where we need to ignore findings. npm audit does not have a native ignore option. An option to add packages, versions, hierarchy, and reason…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### This issue exists in the latest npm version
- [X] I am using the latest npm
### Current Behavior
When instal…
-
When the user clones and installs the SSMT-UI project, the user is prompted to use 'npm audit fix' to fix vulnerabilities. The packages need to be fixed.
Expected Behaviour:
When the user clones t…