-rw-r--r-- | .circleci/config.yml | 6 | ||||
-rwxr-xr-x | .circleci/scripts/npm-audit | 4 | ||||
-rw-r--r-- | .circleci/scripts/npm-audit-check.js | 2 | ||||
-rw-r--r-- | .gitignore | 2 |
4 files changed, 11 insertions, 3 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 757db54e3..46ce9ef51 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -96,6 +96,9 @@ jobs:
 steps:
 - checkout
 - run:
+ name: Update npm
+ command: sudo npm install -g npm@6.10.2
+ - run:
 name: Install deps via npm
 command: |
 npm ci
@@ -176,6 +179,9 @@ jobs:
 - attach_workspace:
 at: .
 - run:
+ name: Update npm
+ command: sudo npm install -g npm@6.10.2
+ - run:
 name: npm audit
 command: .circleci/scripts/npm-audit
diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit
index 00a6876ff..f38be2f0a 100755
--- a/.circleci/scripts/npm-audit
+++ b/.circleci/scripts/npm-audit
@@ -4,9 +4,9 @@ set -e
 set -u
 set -o pipefail
-if ! npm audit
+if ! npm audit --production
 then
- ! npm audit --json > audit.json
+ ! npm audit --production --json > audit.json
 printf '%s\n' ''
 node .circleci/scripts/npm-audit-check.js
 fi
diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js
index 2fb408add..90bbebbd2 100644
--- a/.circleci/scripts/npm-audit-check.js
+++ b/.circleci/scripts/npm-audit-check.js
@@ -13,7 +13,7 @@ for (const advisory of advisories) {
 continue
 }
- count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
+ count += advisory.findings.length
 }
 if (count > 0) {
diff --git a/.gitignore b/.gitignore
index 132ba4338..71531d89e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@ npm-debug.log
 node_modules
 yarn.lock
+audit.json
+
 app/bower_components
 test/bower_components
 package |
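Review bot: The two new `Update npm` steps in `.circleci/config.yml` (before `Install deps via npm` and before `npm audit`) do not say why npm is pinned to 6.10.2, so a later maintainer cannot tell whether the global install is still needed or safe to drop. A comment above each step such as `# pinned: presumably the first npm line whose "npm audit" honours --production; remove once the CI image ships it` would record the intent (the reason is inferred from the script change in this commit, so confirm the wording). The step is also repeated verbatim in two jobs; a YAML anchor or a shared command would keep the pinned version in one place so the install job and the audit job cannot drift apart. Both jobs continue outside the hunks.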
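Review bot: In `.circleci/scripts/npm-audit`, the changed line `! npm audit --production --json > audit.json` discards the exit status, so when the first `npm audit --production` fails for a reason other than advisories (registry or network error), the outcome of the job rests entirely on how `npm-audit-check.js` handles a JSON document that has no advisories. That script's parsing is outside the hunks, so this should be confirmed; failing closed when audit.json lacks an `advisories` object would keep an outage from reading as a clean audit. Separately, `--production` takes devDependencies out of the gate altogether, although those packages still run on CI and on developer machines. A comment like `# devDependencies are intentionally not gated here` and a non-blocking full `npm audit` report would keep that decision visible.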
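Review bot: `count += advisory.findings.length` in `.circleci/scripts/npm-audit-check.js` changes what `count` means: the removed expression added at most 1 per advisory, while the new one adds one per finding, so whatever is reported under `if (count > 0) {` (outside the hunk) may now show a different number for the same audit. With the dev/optional filter gone, the script is only a production-dependency gate when audit.json was generated with `--production`; a comment such as `// audit.json must come from "npm audit --production"; dev and optional findings are no longer filtered here` would make that coupling explicit. The enclosing `for` loop starts above the hunk.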