-rw-r--r--.circleci/config.yml26
-rwxr-xr-x.circleci/scripts/npm-audit12
-rw-r--r--.circleci/scripts/npm-audit-check.js24
3 files changed, 49 insertions, 13 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 686a996c1..f4dd245f2 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -17,9 +17,9 @@ workflows:
- test-lint:
requires:
- prep-deps-npm
- # - test-deps:
- # requires:
- # - prep-deps-npm
+ - test-deps:
+ requires:
+ - prep-deps-npm
- test-e2e-chrome:
requires:
- prep-deps-npm
@@ -156,16 +156,16 @@ jobs:
name: Test
command: npm run lint
- # test-deps:
- # docker:
- # - image: circleci/node:8.11.3-browsers
- # steps:
- # - checkout
- # - attach_workspace:
- # at: .
- # - run:
- # name: Test
- # command: sudo npm install -g npm@6 && npm audit
+ test-deps:
+ docker:
+ - image: circleci/node:8.15.1-browsers
+ steps:
+ - checkout
+ - attach_workspace:
+ at: .
+ - run:
+ name: npm audit
+ command: .circleci/scripts/npm-audit
# test-e2e-beta-drizzle:
# docker:
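Review bot: The new `test-deps` job drops the `sudo npm install -g npm@6` that the removed command ran before `npm audit`, so it now depends on whatever npm the `circleci/node:8.15.1-browsers` image bundles; `npm audit` needs npm 6, which that Node line should ship, but recording the assumption next to the image line, `# npm audit needs npm >= 6 (bundled with node 8.15.x)`, keeps the next image bump from silently breaking the check. The wrapper script writes `audit.json` into the checkout but the job keeps nothing, so a failing run leaves only console output for triage; a step after the run, `- store_artifacts:` / `path: audit.json`, preserves the machine-readable report.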
diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit
new file mode 100755
index 000000000..00a6876ff
--- /dev/null
+++ b/.circleci/scripts/npm-audit
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if ! npm audit
+then
+ ! npm audit --json > audit.json
+ printf '%s\n' ''
+ node .circleci/scripts/npm-audit-check.js
+fi
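Review bot: The script resolves `audit.json` and `.circleci/scripts/npm-audit-check.js` against the caller's working directory, while the check script reads `audit.json` relative to its own location, so invoking it from anywhere but the repository root writes the file in one place and reads it from another; anchoring once at the top, `cd "$(dirname "$0")/../.."`, removes that dependency. The `!` on the second `npm audit --json` is what stops `set -e` from aborting on its non-zero exit, which is intended but not obvious; a comment such as `# npm audit exits non-zero for any finding; the JSON is triaged by npm-audit-check.js` would make that explicit. The `printf '%s\n' ''` on the following line only emits a blank line and reads more plainly as `echo`.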
diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js
new file mode 100644
index 000000000..2fb408add
--- /dev/null
+++ b/.circleci/scripts/npm-audit-check.js
@@ -0,0 +1,24 @@
+const path = require('path')
+const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
+const error = audit.error
+const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
+
+if (error) {
+ process.exit(1)
+}
+
+let count = 0
+for (const advisory of advisories) {
+ if (advisory.severity === 'low') {
+ continue
+ }
+
+ count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
+}
+
+if (count > 0) {
+ console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
+ process.exit(1)
+} else {
+ console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
+}
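Review bot: When `audit.error` is set the script exits 1 without printing anything, so a registry or network failure is indistinguishable in the job log from a crash; logging the error object before exiting, `console.error('npm audit failed:', JSON.stringify(error))`, gives the failing run something to triage. The severity filter skips only `low`, so `critical` is counted along with `moderate` and `high`, while both messages say "moderate or high"; the wording should read "moderate or higher", or the filter should name the levels it fails on explicitly. `Object.keys(audit.advisories || []).map(...)` is `Object.values(audit.advisories || {})`, and `count += ...some(...)` adds a boolean to a number, which works but is clearer as an `if` with `count += 1`.
```javascript
// … unchanged: path/audit requires …
const advisories = Object.values(audit.advisories || {})

if (error) {
  console.error('npm audit failed:', JSON.stringify(error))
  process.exit(1)
}

let count = 0
for (const advisory of advisories) {
  if (advisory.severity === 'low') {
    continue
  }
  if (advisory.findings.some((finding) => !finding.dev && !finding.optional)) {
    count += 1
  }
}
// … unchanged: final report, with "moderate or high" reworded to "moderate or higher" …
```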