This repository has been archived by the owner on Jan 19, 2022. It is now read-only.

Add npm-shrinkwrap.json? #18

Closed
pdehaan opened this issue Mar 16, 2015 · 5 comments


pdehaan commented Mar 16, 2015

@chilts, let me know if you want me to submit a PR which adds dependencies+devDependencies in a shrinkwrap file.

Or close this and tell me to get lost, your call.


pdehaan commented Mar 16, 2015

See #17 (comment)

pdehaan closed this as completed Mar 16, 2015

pdehaan commented Mar 16, 2015

FWIW:

% npm shrinkwrap --dev
wrote npm-shrinkwrap.json

% nsp shrinkwrap
No vulnerable modules found


chilts commented Mar 16, 2015

Sweet, thanks @pdehaan. Presumably if we run that nsp stuff within the fxa-auth-db-mysql repo, that will pick up any vulnerable modules from here?


pdehaan commented Mar 16, 2015

It should, yeah... You can see the latest mozilla/fxa-auth-db-mysql shrinkwrap lint results at: https://shrinkwraplint.herokuapp.com/repo/mozilla/fxa-auth-db-mysql


pdehaan commented Mar 16, 2015

Or here's the full output from my github linter tool:

$ node cli -r mozilla/fxa-auth-db-mysql -o console
mozilla/fxa-auth-db-mysql

package.json
info:
- info: package.json is almost fine. Check the file and run again.
warning:
- warning: missing 'bugs'
- warning: missing 'keywords'
- warning: missing 'homepage'


package.json outdated:
DEPENDENCIES:
NAME                REQUIRED                                                  STABLE  LATEST
bluebird            2.1.3                                                     2.9.14  2.9.14
clone               0.2.0                                                     1.0.1   1.0.1
convict             0.4.2                                                     0.6.1   0.6.1
fxa-auth-db-server  git://github.com/mozilla/fxa-auth-db-server.git#train-32
mozlog              1.0.3                                                     2.0.0   2.0.0
mysql               2.3.2                                                     2.5.5   2.5.5
request             2.36.0                                                    2.53.0  2.53.0

DEVDEPENDENCIES:
NAME                  REQUIRED                               STABLE  LATEST
ass                   git://github.com/jrgm/ass.git#5be99ee
grunt-contrib-jshint  0.10.0                                 0.11.0  0.11.0
load-grunt-tasks      0.6.0                                  3.1.0   3.1.0
mysql-patcher         0.5.1                                  0.7.0   0.7.0
restify               2.8.1                                  3.0.0   3.0.0
tap                   0.4.13                                 0.7.1   0.7.1
uuid                  1.4.1                                  2.0.1   2.0.1


shrinkwrap.json:
MODULE     VERSION  TITLE                                                 PATCHED   DEPENDENCY
validator  1.5.1    validator isURL Regular Expression Denial of Service  >=3.22.1  fxa-auth-db-mysql > convict
validator  1.5.1    Validator XSS Filter Bypass via Encoded URL           >=2.0.0   fxa-auth-db-mysql > convict
qs         0.6.6    qs Denial-of-Service Extended Event Loop Blocking     >= 1.x    fxa-auth-db-mysql > request
qs         0.6.6    qs Denial-of-Service Memory Exhaustion                >= 1.x    fxa-auth-db-mysql > request
qs         0.6.6    qs Denial-of-Service Extended Event Loop Blocking     >= 1.x    fxa-auth-db-mysql > restify
qs         0.6.6    qs Denial-of-Service Memory Exhaustion                >= 1.x    fxa-auth-db-mysql > restify
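
The question raised in the thread, whether an audit run from the downstream repo also catches modules pulled in transitively, comes down to walking the full shrinkwrap tree rather than only the top-level entries. The following is an added example, not part of the thread and not the code of nsp or the linter: the tree is a constructed sample in the nested npm-shrinkwrap.json layout, and the `patched` floors are a simplification of the PATCHED column in the output above (">= 1.x" is read as 1.0.0).

```javascript
// Constructed sample tree; top-level versions are the REQUIRED values from the
// lint output, nested module versions are the ones the lint output reported.
const shrinkwrap = {
  name: 'fxa-auth-db-mysql',
  dependencies: {
    bluebird: { version: '2.1.3' },
    convict: { version: '0.4.2', dependencies: { validator: { version: '1.5.1' } } },
    request: { version: '2.36.0', dependencies: { qs: { version: '0.6.6' } } },
    restify: { version: '2.8.1', dependencies: { qs: { version: '0.6.6' } } }
  }
};

// Advisory table built from the lint output; `patched` is the first fixed version.
const advisories = [
  { module: 'validator', title: 'validator isURL Regular Expression Denial of Service', patched: '3.22.1' },
  { module: 'validator', title: 'Validator XSS Filter Bypass via Encoded URL', patched: '2.0.0' },
  { module: 'qs', title: 'qs Denial-of-Service Extended Event Loop Blocking', patched: '1.0.0' },
  { module: 'qs', title: 'qs Denial-of-Service Memory Exhaustion', patched: '1.0.0' }
];

// Compare dotted numeric versions; true when a is strictly lower than b.
function isBelow(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const xi = x[i] || 0, yi = y[i] || 0;
    if (xi !== yi) return xi < yi;
  }
  return false;
}

// Depth-first walk over nested `dependencies`, carrying the path from the root
// so each finding names the parent that pulled the vulnerable module in.
function audit(node, advisoryList, path = [node.name]) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    for (const adv of advisoryList) {
      if (adv.module === name && isBelow(dep.version, adv.patched)) {
        findings.push({ module: name, version: dep.version, title: adv.title, via: path.join(' > ') });
      }
    }
    findings.push(...audit(dep, advisoryList, path.concat(name)));
  }
  return findings;
}

const findings = audit(shrinkwrap, advisories);
for (const f of findings) console.log(`${f.module}  ${f.version}  ${f.title}  ${f.via}`);
```

None of the flagged modules is a direct dependency; each is reached only through a parent, which is why the shrinkwrap is audited rather than package.json.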
