eventOneHQ/npm-audit-html

Add option to exit with non-zero exit code

f4irline opened this issue · 3 comments

Hey, and thanks for this useful package!

I'm using a yarn version of this library (yarn-audit-html) myself in a CI pipeline. I realized that with this version and the yarn version, even if the basic audit (npm or yarn) command exits with code "1" when vulnerabilities were found, using either of these libraries ignores that exit code and instead the program exits with code "0" after creating the audit report. Exiting with a code other than "0" could be useful in pipelines, for example when determining whether some script should be executed when vulnerabilities are found. This could also be optional, with some flag given as a parameter.

My flow in the CI job for example works like this (the job is run in a scheduled pipeline every week):

  1. Install npm-audit-html as local dependency (not global)
  2. Configure email-utilities in the CI-runner
  3. Run npm audit --json | ./node_modules/.bin/npm-audit-html --output audit.html
  4. If vulnerabilities are found (if exit code !== 0), send the audit.html report in an email to predetermined recipients. If not (if exit code === 0), just print "No vulnerabilities found."

I have a working implementation almost ready, and can make a pull request, if this feels like a useful feature.
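The check the flow above needs, as an added example that is not the npm-audit-html project's code: decide the process exit code from an `npm audit --json` report so the CI job can branch on it. It assumes the report carries severity counts under `metadata.vulnerabilities`, which both the npm 6 format and the npm 7+ (`auditReportVersion: 2`) format do; the `exitOnFindings` and `failOn` option names and the sample reports are constructed for this example.

```javascript
// Severity levels in ascending order, as npm reports them.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Count findings whose severity is at least `failOn`, reading the per-severity
// totals from metadata.vulnerabilities (present in both npm 6 and npm 7+ output).
function countAtOrAbove(report, failOn = 'low') {
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const threshold = SEVERITIES.indexOf(failOn);
  if (threshold < 0) throw new Error(`unknown severity: ${failOn}`);
  return SEVERITIES.slice(threshold)
    .reduce((sum, level) => sum + (Number(counts[level]) || 0), 0);
}

// Exit code for the report generator: 0 when clean, 1 when findings at or above
// the threshold exist. With exitOnFindings=false (the behaviour the issue
// describes today) the code is always 0 regardless of what npm audit found.
function auditExitCode(report, { exitOnFindings = false, failOn = 'low' } = {}) {
  if (!exitOnFindings) return 0;
  return countAtOrAbove(report, failOn) > 0 ? 1 : 0;
}

// Constructed sample: npm 6 style report with 2 low and 1 high finding.
const SAMPLE_NPM6_REPORT = {
  actions: [],
  advisories: {},
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 0, high: 1, critical: 0 } },
};

// Constructed sample: npm 7+ style report with no findings.
const SAMPLE_CLEAN_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0 } },
};

// In the CLI this would run after the HTML report is written, so the report
// always exists and only the exit status changes (e.g. `--exit-code --fail-on high`).
function summarize(report, opts) {
  const n = countAtOrAbove(report, opts.failOn);
  const message = n === 0 ? 'No vulnerabilities found.' : `${n} finding(s) at or above ${opts.failOn}`;
  return { message, exitCode: auditExitCode(report, opts) };
}
```

Set `process.exitCode` to the returned `exitCode` once stdin has been fully consumed, so the pipeline step after `npm-audit-html` sees the same signal `npm audit` itself gives.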

This can be done already by simply running npm audit twice: once to generate the report and once to check the exit code. I do this as a part of my CI pipeline so that it generates the report and then fails the job if there are vulnerabilities.

But, passing the exit code would probably be a more efficient method so if you have a working implementation, feel free to create a PR!

Sure yeah, that was my initial thought as well! But this change seemed like a simple little enhancement to implement. 🙂 PR created!

🎉 This issue has been resolved in version 1.5.0 🎉

The release is available on:

Your semantic-release bot 📦🚀