Fail shell script at npm install if there are high severity vulnerabilities
I want to fail the packaging script for my application if the npm install shows vulnerabilities with high severity.
Example:
added 137 packages from 151 contributors and audited 4041 packages in 8.689s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
What I have now: I'm doing it with grep, but this does not sound like a good solution, because minor adjustments to the audit output can break it without my finding out immediately.
function npm-prod-install-audit() {
    # grep's exit status (not npm's) decides the branch: it succeeds only if
    # the audit summary line mentions a high severity finding
    if npm install --no-optional --only=prod | grep "high severity"; then
        echo "Audit failed! 🖐 Please update your packages."
        exit 1
    else
        echo "Audit passed ✅"
    fi
}
Is there any proper solution on this?
You can use npm audit (https://docs.npmjs.com/cli/audit). It will exit with a non-zero return code if vulnerabilities are found. You can control on which level you want to fail by using --audit-level=(low|moderate|high|critical).
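As an added example (not code from the question or the answer), the gate the answer describes, written so that npm's own exit status rather than grep decides the outcome; `audit_should_fail` reproduces the `--audit-level` threshold rule on the per-severity counts that `npm audit --json` reports, so the decision can be checked without a network. The function names and the sample counts are assumptions.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# Gate a packaging step on npm's own exit status instead of grepping its output.

# npm_prod_install_audit [LEVEL]
# Installs production dependencies with the implicit audit switched off, then
# audits explicitly at LEVEL (default: high). Returns the failing command's
# status instead of calling exit, so the caller's shell is not killed.
npm_prod_install_audit() {
  level="${1:-high}"
  npm install --no-optional --only=prod --no-audit || return $?
  # Non-zero only when a vulnerability at or above LEVEL was found.
  npm audit --audit-level="$level"
}

# severity_rank LEVEL: numeric order of the npm audit severity names.
severity_rank() {
  case "$1" in
    info) echo 0 ;; low) echo 1 ;; moderate) echo 2 ;;
    high) echo 3 ;; critical) echo 4 ;;
    *) echo "unknown severity: $1" >&2; return 1 ;;
  esac
}

# audit_should_fail LEVEL INFO LOW MODERATE HIGH CRITICAL
# Mirrors the --audit-level rule on the counts `npm audit --json` reports
# under metadata.vulnerabilities: returns 0 (fail the build) when any count
# at or above LEVEL is non-zero, 1 otherwise, 2 for an unknown LEVEL.
audit_should_fail() {
  threshold=$(severity_rank "$1") || return 2
  shift
  rank=0
  for count in "$@"; do
    if [ "$rank" -ge "$threshold" ] && [ "$count" -gt 0 ]; then
      return 0
    fi
    rank=$((rank + 1))
  done
  return 1
}

# Constructed sample counts for the offline check:
# 0 info, 2 low, 0 moderate, 1 high, 0 critical.
if audit_should_fail high 0 2 0 1 0; then
  echo "sample counts would fail the gate at --audit-level=high"
fi
```

In the packaging script, call `npm_prod_install_audit high || exit 1` so the caller, not the function, decides to abort.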