@@ -152,9 +152,9 @@ jobs:
- name: Run npm audit
- name: Run npm audit
working-directory: frontend
working-directory: frontend
run: |
run: |
- # Only fail on fixable high/critical vulnerabilities.
- # Unfixable issues (e.g. npm's bundled tar) are tracked via security.yml.
- npm audit --json > /tmp/audit.json 2>/dev/null || true
+ # Only audit production dependencies — dev dependency vulnerabilities
+ # don't affect end users. Detailed audits are handled by security.yml.
+ npm audit --omit=dev --json > /tmp/audit.json 2>/dev/null || true
python3 -c "
python3 -c "
import json, sys
import json, sys
data = json.load(open('/tmp/audit.json'))
data = json.load(open('/tmp/audit.json'))