ghost
commented
6 years ago I've reviewed and deployed the JS engines. What's missing is the scoping in the package name and the vulnerable line of code in the output.
Closed streichsbaer closed 6 years ago
ghost
commented
6 years ago I've reviewed and deployed the JS engines. What's missing is the scoping in the package name and the vulnerable line of code in the output.
Make the following changes:
Ensure the path is relative (without leading ./)
Ensure the package.json has the private attribute
Ensure the package name is scoped
Review whether we even need to publish engines
Ensure the vulnerable line of code is in the output
Ensure the raw tool output is in the output -> will be take care of with the new output format</edit andy>
references: guardrailsio/Sprint#129