fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:request:20160119 Latest report for bitrinjani/r2: https://snyk.io/test/github/bitrinjani/r2
bitrinjani · Feb 10, 2018 · bc5d22c · bc5d22c
1 parent 7de3f20
commit bc5d22c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,11 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.10.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hawk:20160119':
+    - '@bitr/bitflyer-fx > coveralls > log-driver > codecov.io > request > hawk':
+        patched: '2018-02-10T04:55:29.501Z'
+  'npm:request:20160119':
+    - '@bitr/bitflyer-fx > coveralls > log-driver > codecov.io > request':
+        patched: '2018-02-10T04:55:29.501Z'
diff --git a/package.json b/package.json
@@ -14,7 +14,9 @@
     "closeCcPosition": "ts-node ./tools/closeCcPosition.ts",
     "closeBfPosition": "ts-node ./tools/closeBfPosition.ts",
     "closeQuPosition": "ts-node ./tools/closeQuPosition.ts",
-    "closeAll": "npm run closeCcPosition && npm run closeBfPosition && npm run closeQuPosition && npm run clearPairs && npm run getBalance"
+    "closeAll": "npm run closeCcPosition && npm run closeBfPosition && npm run closeQuPosition && npm run clearPairs && npm run getBalance",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
   },
   "dependencies": {
     "@bitr/awaitable-event-emitter": "^1.0.3",
@@ -40,7 +42,8 @@
     "simple-statistics": "^5.2.1",
     "split2": "^2.2.0",
     "uuid": "^3.1.0",
-    "zeromq": "^4.6.0"
+    "zeromq": "^4.6.0",
+    "snyk": "^1.69.7"
   },
   "devDependencies": {
     "@types/chalk": "^2.2.0",
@@ -92,5 +95,6 @@
       "!**/vendor/**",
       "!tools/**"
     ]
-  }
+  },
+  "snyk": true
 }