Closed milt closed 3 years ago
I'm curious how this works - if there are security vulnerabilities, how exactly will `npm audit` cause CI to fail? Nonzero exit code?
Yep. It's zero if everything's OK, but if there is any vulnerability it should fail
I'd prefer a flag on `npm install` that makes it fail if there are any vulnerabilities, since it runs `npm audit` anyways, but for some reason that doesn't seem to be a thing?
Dependabot is nice but we only get alerts when code hits master. Add `npm audit` to the CI workflow so it fails if any sec issues are detected!