Closed f4irline closed 4 years ago
Hey @f4irline
You are completely right. It makes total sense to have a proper exit code. Feel free to submit a PR. ;)
Thanks for the contribution.
I have just released yarn-audit-html@1.4.0 containing your fix. ;)
This is a nice feature, but wouldn't it make more sense for this to just pass through the real return code of yarn audit? For example, I am looking for audit code 16+ to see if there are any criticals, but I lose that functionality when your package only returns 1 to me.
Hey, and thanks for this useful package!
I'm using this myself in a CI-pipeline. I realized that even if just basic yarn audit exits with code "1" when vulnerabilities were found, using yarn-audit-html ignores this exit code completely and yarn-audit-html exits with code "0" after creating the audit report. Exiting with a code other than "0" could be useful in pipelines, for example when determining if some script should be executed when vulnerabilities are found. This could also be optional with some flag given as a parameter for yarn-audit-html.
My flow in the CI-job, for example, works like this (the job is run in a scheduled pipeline every week):
yarn-audit-html as local dependency (not global)
yarn audit --json | ./node_modules/.bin/yarn-audit-html --output audit.html
exit code !== 0), send the audit.html report in an email to predetermined recipients. If not (if exit code === 0), just print "No vulnerabilities found."
I have a working implementation almost ready, and can make a pull request, if this feels like a useful feature. My implementation is only missing the "optionality" in this feature.
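The exit-code handling discussed in this thread, as an added example that is not part of the original posts or of yarn-audit-html's own code: a POSIX shell sketch that keeps the real `yarn audit` exit code instead of the exit code of the last command in the pipe, then decodes it. It assumes Yarn v1, whose `yarn audit` exit code is a bitmask (1 info, 2 low, 4 moderate, 8 high, 16 critical); the function names and the `audit.json` file name are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and audit.json are assumptions.
# Yarn v1 `yarn audit` exit code bitmask:
#   1 = info, 2 = low, 4 = moderate, 8 = high, 16 = critical

# Print the severities encoded in an exit code, space separated.
audit_severities() {
  _mask=$1
  _out=""
  for _pair in 1:info 2:low 4:moderate 8:high 16:critical; do
    _bit=${_pair%%:*}
    _name=${_pair#*:}
    if [ $(( _mask & _bit )) -ne 0 ]; then
      _out="${_out:+$_out }$_name"
    fi
  done
  printf '%s\n' "$_out"
}

# Succeed when the exit code contains a severity at or above the given bit.
# Because the bits are powers of two, "code >= 16" means "critical present".
audit_at_least() {
  [ "$1" -ge "$2" ]
}

# Run the audit without a pipe so the audit's own exit code is not replaced
# by the report generator's. Returns the original `yarn audit` exit code.
run_audit_report() {
  _audit_rc=0
  yarn audit --json > audit.json || _audit_rc=$?
  ./node_modules/.bin/yarn-audit-html --output audit.html < audit.json \
    || echo "report generation failed" >&2
  return "$_audit_rc"
}

# CI usage (not executed here, needs yarn and a project checkout):
#   rc=0; run_audit_report || rc=$?
#   if audit_at_least "$rc" 16; then
#     echo "critical findings: $(audit_severities "$rc")"; exit 1
#   elif [ "$rc" -ne 0 ]; then
#     echo "findings: $(audit_severities "$rc")"   # e.g. mail audit.html
#   else
#     echo "No vulnerabilities found."
#   fi
```

Writing the JSON to a file first avoids relying on bash-only features such as `PIPESTATUS` and leaves the raw audit output available as a CI artifact.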