Continuous Monitoring of npm audit results #48
Labels:
dependencies (Pull requests that update a dependency file)
enhancement (New feature or request)
good-first-issue (Good for newcomers)
Security (Related to existing or potential security vulnerabilities)
Tying the CI success to npm audit is not a good idea because the CI could then break without the source code having changed at all.
Instead have monitoring/alerting set up somehow (maybe as part of the CI script and a webhook/callout) or just as a sticker on the README.
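One way to do the monitoring proposed above, as an added example that is not part of the original issue or the project's code: a Node.js (18+, for the global `fetch`) script that turns `npm audit --json` output into a webhook alert and never fails the CI step. The environment variable names `AUDIT_WEBHOOK_URL`, `AUDIT_THRESHOLD` and `REPO`, the payload shape and the sample package names are assumptions made for illustration.

```javascript
// Added example (not project code): alert on npm audit findings, never fail the build.
// Assumed names: AUDIT_WEBHOOK_URL, AUDIT_THRESHOLD, REPO env vars and the payload shape.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Reduce parsed `npm audit --json` output; an unknown threshold means alert on everything.
function summarizeAudit(report, threshold = 'high') {
  const min = Math.max(SEVERITIES.indexOf(threshold), 0);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  // No severity counts means the audit did not complete: alert on that too.
  if (!counts) return { ok: false, alert: true, counts: null, packages: [] };
  const packages = Object.values(report.vulnerabilities || {}) // per-package map in npm 7+
    .filter((v) => SEVERITIES.indexOf(v.severity) >= min)
    .map((v) => ({ name: v.name, severity: v.severity, fixAvailable: Boolean(v.fixAvailable) }));
  const hits = SEVERITIES.slice(min).reduce((n, s) => n + (counts[s] || 0), 0);
  return { ok: true, alert: hits > 0, counts, packages };
}

// Build the webhook body, or null when there is nothing to report.
function buildAlert(summary, repo) {
  if (!summary.alert) return null;
  const names = summary.packages.map((p) => `${p.name} (${p.severity})`).join(', ');
  const text = summary.ok ? `npm audit findings in ${repo}: ${names || 'see counts'}` : `npm audit produced no usable report for ${repo}`;
  return { text, counts: summary.counts, packages: summary.packages };
}

// Findings, unparsable input and delivery errors are reported, not thrown: CI stays green.
async function monitor(reportText, env = process.env) {
  const report = (() => { try { return JSON.parse(reportText); } catch { return null; } })();
  const payload = buildAlert(summarizeAudit(report, env.AUDIT_THRESHOLD || 'high'), env.REPO || 'unknown-repo');
  if (payload && env.AUDIT_WEBHOOK_URL) {
    await fetch(env.AUDIT_WEBHOOK_URL, { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify(payload) })
      .catch((err) => console.error(`webhook delivery failed: ${err.message}`));
  }
  return payload;
}

// Constructed sample in the npm 7+ report shape (package names are made up).
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 0, critical: 1, total: 2 } },
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'critical', fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'low', fixAvailable: false },
  },
});
(async () => { // runs on the constructed sample unless --stdin is given
  let text = SAMPLE_REPORT, env = {};
  if (process.argv.includes('--stdin')) { text = ''; env = process.env; for await (const c of process.stdin) text += c; }
  console.log(JSON.stringify(await monitor(text, env), null, 2));
})();
```

`npm audit` exits non-zero when it finds vulnerabilities, so in CI pipe its output in, for example `npm audit --json | node audit-monitor.js --stdin` (hypothetical file name). The step's status is then the script's, provided `pipefail` is not set.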