Closed nelsonthedev closed 3 years ago
If there is no output, it did not find any vulnerable libraries with the default thresholds. You can try to "force" a result by setting the threshold to "low":
npm-audit-ci-wrapper -t low
The goal of this application is not to show pretty results, but to be able to "break a build"... This means that the main output is either a zero or non-zero exit code.
npm-audit-ci-wrapper -t low && echo "Did not find any vulnerable libraries" || echo "FOUND vulnerabilities"
I am seeing the same issue. I run npm audit --registry https://registry.npmjs.org and find 6 vulnerabilities (low to moderate).
Running npm-audit-ci-wrapper --threshold=low --registry=https://registry.npmjs.org/ has an empty output.
Looks like this is a side effect of: https://github.com/InfoSec812/npm-audit-ci-wrapper/issues/80
I'm unable to push up my branch to create a pull request. The issue is here where filteredByDev does not use the ignoreDev argument. Setting filteredByDev to advisories if ignoreDev is false fixed the issue.
https://github.com/InfoSec812/npm-audit-ci-wrapper/blob/trunk/lib/parser.js#L116
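The failure mode described in the comment above, as an added example that is not the project's parser.js: a dev-dependency filter that ignores its ignoreDev argument lets a CI gate pass with exit code 0 when every finding is dev-only. The function names, the exit-code mapping and the sample advisories (shaped like npm 6 `npm audit --json` output) are assumptions constructed for illustration.

```javascript
// Constructed sample: a project whose only findings are in devDependencies.
const devOnlyProject = [
  { id: 1, module_name: 'test-runner-lib', severity: 'low', findings: [{ dev: true }] },
  { id: 2, module_name: 'build-tool-lib', severity: 'moderate', findings: [{ dev: true }] },
];

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// An advisory is dev-only when every finding is reached via a devDependency.
const isDevOnly = (adv) => adv.findings.every((f) => f.dev === true);

const atOrAbove = (threshold) => (adv) =>
  SEVERITY_RANK[adv.severity] >= SEVERITY_RANK[threshold];

// Buggy shape (hypothetical): ignoreDev is accepted but never read,
// so dev-only advisories are always dropped before the threshold check.
function filterBuggy(advisories, threshold, ignoreDev) {
  const filteredByDev = advisories.filter((adv) => !isDevOnly(adv));
  return filteredByDev.filter(atOrAbove(threshold));
}

// Fixed shape (hypothetical): filter only when ignoreDev is set, and fail
// closed on an unknown threshold instead of comparing against undefined.
function filterFixed(advisories, threshold, ignoreDev) {
  if (!Object.prototype.hasOwnProperty.call(SEVERITY_RANK, threshold)) {
    throw new Error(`unknown severity threshold: ${threshold}`);
  }
  const filteredByDev = ignoreDev
    ? advisories.filter((adv) => !isDevOnly(adv))
    : advisories;
  return filteredByDev.filter(atOrAbove(threshold));
}

// The gate's real output is its exit code: non-zero breaks the build.
const exitCode = (findings) => (findings.length > 0 ? 1 : 0);

for (const [name, fn] of [['buggy', filterBuggy], ['fixed', filterFixed]]) {
  const findings = fn(devOnlyProject, 'low', false);
  console.log(`${name}: ${findings.length} finding(s), exit code ${exitCode(findings)}`);
}
```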
I highly recommend that you use Sonatype's auditjs as a replacement. I am just going to mark this project as deprecated.
Hi, I just installed and executed the tool in my project but I get no outcome from it even though the regular npm-audit does.
Am I missing something?
npm install --save-dev npm-audit-ci-wrapper
npx npm-audit-ci-wrapper