
chore(security): make just audit always pass by ignoring npm audit #85


Merged
merged 2 commits into from
Jun 23, 2025


kadykov
Owner

@kadykov kadykov commented Jun 23, 2025

exit code

Allow CI and local checks to pass even if npm audit finds vulnerabilities, while still displaying audit results for visibility.

exit code

Allow CI and local checks to pass even if `npm audit` finds
vulnerabilities, while still displaying audit results for visibility.
@Copilot Copilot AI review requested due to automatic review settings June 23, 2025 21:33

@Copilot Copilot AI left a comment


Pull Request Overview

This PR updates the security audit step in the Justfile so that `npm audit` no longer blocks CI or local runs by forcing it to exit with a success code, while still printing vulnerabilities.

  • Append `|| true` to the `npm audit` command to ignore its non-zero exit code

Comments suppressed due to low confidence (1)

justfile:31

  • Add a note explaining why the audit step is allowed to succeed (e.g., to avoid CI failures) and any conditions under which developers should manually address the reported issues.
# Security scan dependencies for vulnerabilities


codecov bot commented Jun 23, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅


vulnerabilities

Use `npm audit --audit-level=high` to allow low and moderate
vulnerabilities without failing CI, while still enforcing checks for
more severe issues.
@kadykov kadykov merged commit e542182 into main Jun 23, 2025
6 checks passed
@kadykov kadykov deleted the optional-audit branch June 23, 2025 21:41
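
The two commits above differ in what the audit step's exit code means: `|| true` discards it entirely, while `--audit-level=high` keeps it for high and critical findings. The following JavaScript is an added illustration, not code from this repository: it applies the same severity gate to the `metadata.vulnerabilities` counts of an `npm audit --json` report and keeps the tolerated findings visible. The function name `gateAudit` and both sample reports are constructed for this example.

```javascript
// Severity names used by npm audit, lowest to highest.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Decide the exit code for an `npm audit --json` report at a given threshold.
// Findings at or above the threshold block the build; findings below it are
// returned separately so they can still be printed for review.
function gateAudit(report, auditLevel) {
  const threshold = LEVELS.indexOf(auditLevel);
  if (threshold === -1) {
    throw new Error(`unknown audit level: ${auditLevel}`);
  }
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const blocking = {};
  const tolerated = {};
  LEVELS.forEach((level, i) => {
    const n = counts[level] || 0;
    if (n === 0) return;
    if (i >= threshold) blocking[level] = n;
    else tolerated[level] = n;
  });
  const exitCode = Object.keys(blocking).length > 0 ? 1 : 0;
  return { exitCode, blocking, tolerated };
}

// Constructed sample: only low and moderate findings.
const lowModerateReport = {
  auditReportVersion: 2,
  metadata: {
    vulnerabilities: { info: 0, low: 2, moderate: 1, high: 0, critical: 0, total: 3 },
  },
};

// Constructed sample: one high-severity finding added.
const highReport = {
  auditReportVersion: 2,
  metadata: {
    vulnerabilities: { info: 0, low: 2, moderate: 1, high: 1, critical: 0, total: 4 },
  },
};

// Passes at the "high" threshold, with the tolerated findings still listed.
console.log(gateAudit(lowModerateReport, "high"));
// Fails at the "high" threshold; `|| true` would have hidden this exit code.
console.log(gateAudit(highReport, "high"));
```
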