RetireJS/grunt-retire

Grunt-retire crashes when finding a vulnerable dependency

CalldiDoctor opened this issue · 4 comments

Hi,

I've been testing the retire.js plugin for Grunt, and I have always found the same problem.
Every time I analyse a project, and the plugin finds a vulnerable dependency, it crashes showing the following message and stopping the execution.

Warning: Task "retire:js" failed. Use --force to continue.

I've tried to find some log file, but I haven't found it.

Has anyone been stuck with the same problem?

Thanks!

Can you share relevant parts of your gruntfile?

Sure. Below you can find the modifications I made on the Gruntfile.

retire: {
  js: ['src/**/*.js'], /** Which js-files to scan. **/
  node: ['path_to_packaje.json'], /** Which node directories to scan (containing package.json). **/
  options: {
    verbose: true,
    packageOnly: true,
    jsRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json',
    nodeRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json',
    outputFile: './retire-output.json',
    ignore: 'documents,java'
  }
}

grunt.loadNpmTasks('grunt-retire');

grunt.registerTask('dependencies',['retire']);

Is there any problem with this configuration?

Well, it doesn't actually crash, but instead fails the build. So in that sense it does what it's supposed to. If you don't believe the findings are important, you can add them to a .retireignore file.

The task is supposed to fail when a vulnerable library is detected. As @eoftedal mentions, if you would like to ignore the vulnerability you can add the ones you want to ignore to .retireignore. Closing issue.