Open Urist-McUristurister opened 1 year ago
Appears that we just need to add a top-level plugins.rb
file and add a after-install hook?
https://bundler.io/guides/bundler_plugins.html#using-bundler-hooks
The plugin would be opt-in so you'd still need to add plugin 'bundler-audit'
to your Gemfile
.
Right now to audit the gems, you have to run a command manually or by using git hooks.
It really would be a nice touch to have an option to install
bundler-audit
as a bundler plugin (or maybe release it as a separate gem?), which would executebundle-audit check -u -q
on everybundle
orbundle install
command (maybe check if Gemfile.lock have actually changed, too?..), then either print a message and exit(1) on failure, or silently move on if everything is good.Human memory is very unreliable, not everyone can remember to manually run the audit every time the Gemfile changes. This feature could really help improve the security.