davityavryan / yarn-audit-html

Generate a HTML report for Yarn Audit
MIT License

Make yarn-audit-html exit with code "1" when vulnerabilities found #19

Closed f4irline closed 4 years ago

f4irline commented 4 years ago

Hey, and thanks for this useful package!

I'm using this myself in a CI pipeline. I realized that even though plain yarn audit exits with code "1" when vulnerabilities are found, yarn-audit-html ignores this exit code completely and exits with code "0" after creating the audit report. Exiting with a code other than "0" could be useful in pipelines, for example when determining whether some script should be executed when vulnerabilities are found. This could also be optional, with a flag given as a parameter to yarn-audit-html.

My flow in the CI job, for example, works like this (the job is run in a scheduled pipeline every week):

  1. Install yarn-audit-html as local dependency (not global)
  2. Configure email-utilities in the CI-runner
  3. Run yarn audit --json | ./node_modules/.bin/yarn-audit-html --output audit.html
  4. If vulnerabilities are found (if exit code !== 0), send the audit.html report in an email to predetermined recipients. If not (if exit code === 0), just print "No vulnerabilities found."

I have a working implementation almost ready, and can make a pull request, if this feels like a useful feature. My implementation is only missing the "optionality" in this feature.

davityavryan commented 4 years ago

Hey @f4irline

You are completely right. It makes total sense to have a proper exit code. Feel free to submit a PR. ;)

davityavryan commented 4 years ago

Thanks for the contribution. I have just released yarn-audit-html@1.4.0 containing your fix. ;)

achuinard commented 2 years ago

This is a nice feature, but wouldn't it make more sense for this to just pass through the real return code of yarn audit? For example, I am looking for audit code 16+ to see if there are any criticals, but I lose that functionality when your package only returns 1 to me.
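
An added example, not part of the original thread or of the yarn-audit-html project: a POSIX shell version of the CI flow from the issue that keeps yarn audit's own exit status (in Yarn v1 a severity bitmask: 1 info, 2 low, 4 moderate, 8 high, 16 critical) by writing the JSON to a file instead of piping it. The function names and the AUDIT_CMD / REPORT_CMD override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example; helper names and the *_CMD variables are hypothetical.
# Yarn v1 `yarn audit` exit status is a bitmask of severities:
#   1 = info, 2 = low, 4 = moderate, 8 = high, 16 = critical

# Overridable so the flow can be exercised without yarn installed.
: "${AUDIT_CMD:=yarn audit --json}"
: "${REPORT_CMD:=./node_modules/.bin/yarn-audit-html --output audit.html}"

# Print the severity names encoded in an audit exit status.
audit_severities() {
  code=$1; out=""
  [ $(( code & 1 )) -ne 0 ]  && out="$out info"
  [ $(( code & 2 )) -ne 0 ]  && out="$out low"
  [ $(( code & 4 )) -ne 0 ]  && out="$out moderate"
  [ $(( code & 8 )) -ne 0 ]  && out="$out high"
  [ $(( code & 16 )) -ne 0 ] && out="$out critical"
  echo "${out# }"
}

# True when the status holds a severity at or above the threshold bit.
# The bits are ordered, so "16+" means critical and "8+" means high or critical.
audit_at_least() {  # usage: audit_at_least <status> <threshold-bit>
  [ "$1" -ge "$2" ]
}

# Run the audit, then the reporter, recording each status separately.
# In a pipe the shell reports only the last command's status, so the JSON
# is spooled to a temporary file and fed to the reporter afterwards.
run_audit() {
  tmp=$(mktemp) || return 2
  AUDIT_STATUS=0; REPORT_STATUS=0
  $AUDIT_CMD > "$tmp" || AUDIT_STATUS=$?
  # Per the thread, the reporter exits 1 on findings from 1.4.0 onward,
  # so its status is recorded but not treated as a failure here.
  $REPORT_CMD < "$tmp" || REPORT_STATUS=$?
  rm -f "$tmp"
}

# Step 4 of the flow in the issue, keyed on the audit status.
audit_gate() {  # usage: audit_gate <threshold-bit>; returns 1 when met
  run_audit
  if audit_at_least "$AUDIT_STATUS" "$1"; then
    echo "Found: $(audit_severities "$AUDIT_STATUS") (status $AUDIT_STATUS)"
    return 1
  fi
  echo "Nothing at or above threshold $1 (status $AUDIT_STATUS)"
}
```

In a CI job, `audit_gate 16 || <send audit.html>` acts only on criticals, while `audit_gate 1` reproduces the any-finding behaviour.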