LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
This isn't the most tested code in the world at this point, but it's a starting point for us to begin generating lockfiles to test various edge cases.
Some of these edge cases are documented in the comments of the relevant replace-package command.
The test command that runs is something like this:
yarn run dev replace-package /<repo>/lunatrace/npm-package-cli/src/tests/fixtures/npm-project --old "got-scraping@3.2.8" --new "got-scraping@3.2.12"
That successfully updates the package as is expected!
Next step is to rip this code into a module that we can import from the backend to use this functionality. I'll do that as soon as I get the GitHub PR code written.