As a user, I want to autonomously run and monitor NPM security vulnerabilities

[jordanpadams]

Checked for duplicates

Yes - I've already checked

🧑‍🔬 User Persona(s)

ITSec, Manager

💪 Motivation

...so that I can run a vulnerability audit and autonomously determine which of those vulnerabilities can be ignored.

📖 Additional Details

See https://www.npmjs.com/package/better-npm-audit

Acceptance Criteria

Given an the wds-react repo When I perform npm audit Then I expect to receive the NPM vulnerabilities identified, ignoring those that have been triaged and are known non-issues.

⚙️ Engineering Details

• [ ] Document how to do install and run the better-npm-audit package
• [ ] Configure the .nsprc file to appropriately ignore those triaged vulnerabilities we either cannot or will not update
• [ ] Once this task completes, https://github.com/NASA-PDS/roundup-action/issues/115 should be added to next Sprint Backlog

[jordanpadams]

@anilnatha a useful starter task to get this moving forward. this can probably go along with #95. @tloubrieu-jpl can probably help direct you to the PR that @eddiesarevalo completed to triage a lot of these vulnerabilities that are non-issues.