Add nsp support to all packages & plugins. #187
Comments
|
👍 I haven't use nsp before but sounds like a good idea to me. |
|
That sounds good. Can you run nsp against this repo and show how it looks? |
|
Did you get a chance to test it out? I would figure that all we need to do is add it as an NPM script. |
|
Nope. I didn't try it out, yet. I'll try it now. |
|
|
|
It looks like they currently only make it easy to use a command line utility, but the gulp-nsp project shows how we could create an npm script to run the nsp package: https://github.com/nodesecurity/gulp-nsp/blob/master/index.js |
|
Why couldn't you just install the command line as a devDependency and run it from an NPM script? |
|
Oh yeah. Yep it works: |
|
As an npm script you won't even have to add |
|
You're right. Where's the best place to integrate it? At the end of |
|
|
|
Actually, running it directly works It doesn't need the extra script. |
|
I copied the list to the first comment. We've only updated feathers core, so far. |
|
All plugins have a PR. |
|
@marshallswain what's the issue with nedb? Would be nice to close this issue out. |
|
Looks like @daffl fixed it. |
|
👍 |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue with a link to this issue for related bugs. |
I think it's a good idea to add this into the build/publishing process so we get alerts of vulnerabilities that pop up. What do you guys think? @feathersjs/core-team
https://nodesecurity.io/tools
We need to do this to each of these:
The text was updated successfully, but these errors were encountered: