Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sparkpost/auditmated
Automated npm auditing
bash npm security sp-utils
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/sparkpost/auditmated
- Owner: SparkPost
- License: mit
- Created: 2018-05-24T15:33:09.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-06-18T02:37:02.000Z (over 4 years ago)
- Last Synced: 2024-11-08T23:02:36.896Z (about 2 months ago)
- Topics: bash, npm, security, sp-utils
- Language: Shell
- Homepage:
- Size: 16.6 KB
- Stars: 10
- Watchers: 36
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# auditmated
Automated npm auditing

# Usage
The `auditmated` binary will run `npm audit fix` in the current repo. If `package.json` and `package-lock.json` have been updated, `auditmated` will commit those changes with a commit message of ` npm audit fix`. This will fix any problems identified by `npm audit` that can be fixed by patch or minor version bumps.

`auditmated` only supports bash.
# Example with Husky
This will run auditing as a pre-push hook using [husky](https://www.npmjs.com/package/husky):
```json
{
  "name": "audit-test",
  "version": "1.0.0",
  "main": "index.js",
  "husky": {
    "hooks": {
      "pre-push": "auditmated"
    }
  },
  "devDependencies": {
    "auditmated": "0.1.0",
    "husky": "^1.0.0"
  }
}
```

If you are using Husky v0, define it as a `prepush` script:
```json
{
  "name": "audit-test",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
    "prepush": "auditmated"
  },
  "devDependencies": {
    "auditmated": "0.1.0",
    "husky": "^0.14.3"
  }
}
```

## Skipping Auditing
`auditmated` will not run for `master`, `main`, or `develop` branches. If you are using `husky`, you can pass the `--no-verify` command line option to `git push` to skip running auditing on any other branch.