
Fail shell script at npm install if there are high severity vulnerabilities

I want to fail the packaging script for my application if the npm install shows vulnerabilities with high severity.

Example:

added 137 packages from 151 contributors and audited 4041 packages in 8.689s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

What I have now: I'm doing it with grep, but this does not sound like a good solution, because minor output adjustments of the audit can break it without my finding out immediately.

# Current approach: grep the install output for the audit summary line.
# Note: the status of a pipeline is grep's, so a failed "npm install" that
# prints no summary line is also reported as "Audit passed".
function npm-prod-install-audit() {
    if npm install --no-optional --only=prod | grep "high severity"; then
        echo "Audit failed! 🖐 Please update your packages."
        exit 1   # exits the whole packaging script, not just this function
    else
        echo "Audit passed ✅"
    fi
}

Is there any proper solution to this?

You can use npm audit (https://docs.npmjs.com/cli/audit). It will exit with a non-zero return code if vulnerabilities are found. You can control at which level you want to fail by using --audit-level=(low|moderate|high|critical).
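A packaging-script version of the answer's approach, added here as an example (it is not the asker's or the answerer's code): it installs production dependencies, then lets the exit status of npm audit decide, failing at the severity passed as the first argument. The function name and the default level are assumptions.

```shell
#!/bin/sh
# Added example: gate a packaging script on npm audit's exit status
# instead of grepping the install output.
set -eu

# Install production dependencies, then audit them. $1 is the minimum
# severity that should fail the build (low|moderate|high|critical);
# it defaults to "high". Returns 0 on pass, 1 on a failed install or audit.
npm_prod_install_audit() {
    level="${1:-high}"

    # Keep the install as its own step so a failed install is reported
    # as an install failure rather than as a passed audit.
    if ! npm install --no-optional --only=prod; then
        echo "npm install failed" >&2
        return 1
    fi

    # npm audit exits non-zero when a vulnerability at or above "$level" exists.
    if npm audit --audit-level="$level"; then
        echo "Audit passed: no vulnerabilities at level $level or above"
        return 0
    fi
    echo "Audit failed at level $level. Run 'npm audit' for details." >&2
    return 1
}
```

Call `npm_prod_install_audit high` from the packaging script; because `set -e` is active, a failing return aborts the script at that point.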
