Diffstat (limited to '.circleci/scripts/yarn-audit')
-rwxr-xr-x.circleci/scripts/yarn-audit20
1 files changed, 20 insertions, 0 deletions
diff --git a/.circleci/scripts/yarn-audit b/.circleci/scripts/yarn-audit
new file mode 100755
index 000000000..ebe036815
--- /dev/null
+++ b/.circleci/scripts/yarn-audit
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -u
+set -o pipefail
+
+yarn audit --level moderate --groups dependencies
+audit_status="$?"
+
+# Use a bitmask to ignore INFO and LOW severity audit results
+# See here: https://yarnpkg.com/lang/en/docs/cli/audit/
+audit_status="$(( audit_status & 11100 ))"
+
+if [[ "$audit_status" != 0 ]]
+then
+ count="$(yarn audit --level moderate --groups dependencies --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')"
+ printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count"
+ exit 1
+else
+ printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n"
+fi
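Review bot: The mask on the `audit_status="$(( audit_status & 11100 ))"` line is the decimal number 11100, not the binary 11100 the comment above it describes; it only works because decimal 11100 (binary 10101101011100) happens to have its two lowest bits clear, so INFO (1) and LOW (2) drop out while MODERATE (4), HIGH (8) and CRITICAL (16) are kept. Write the mask the way the comment reads it, `audit_status="$(( audit_status & 2#11100 ))"` (or `& 28`), so the code and the comment agree and a later edit to the mask does not silently widen or break the gate. On the `count=` line in the if-branch, the second `yarn audit --json` run is informational only: with `set -o pipefail` a failure of `tail` or `jq` leaves `count` empty but the script still exits 1, which is the right failure direction, so a short comment such as `# second run is only for the message; the exit 1 below is the gate` would make that intent explicit.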