docs: Pin running audit-ci to major version (#273)

IBM · May 20, 2022 · a679cdc · a679cdc
1 parent 004d398
commit a679cdc
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -150,7 +150,7 @@ An allowlist record may include any number of wildcards such as `*|react-scripts
 steps:
   - uses: actions/checkout@v2
   - name: Audit for vulnerabilities
-    run: npx audit-ci --config ./audit-ci.jsonc
+    run: npx audit-ci@^6 --config ./audit-ci.jsonc
 ```
 
 _(Recommended)_ Run `audit-ci` immediately after checking out the git repository to reduce the risk of executing a `postinstall` script from a compromised NPM package.
@@ -176,7 +176,7 @@ steps:
   # command: if [[ ! -z $CIRCLE_PULL_REQUEST ]] ; then npx audit-ci --config ./audit-ci.jsonc ; fi
   - run:
       name: run-audit-ci
-      command: npx audit-ci --config ./audit-ci.jsonc
+      command: npx audit-ci@^6 --config ./audit-ci.jsonc
   - run:
       name: install-npm
       command: "npm install --no-audit"
@@ -190,14 +190,14 @@ Auditing only on PR builds is [recommended](#qa)
 scripts:
   # This script should be the first that runs to reduce the risk of
   # executing a script from a compromised NPM package.
-  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci --config ./audit-ci.jsonc; fi
+  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci@^6 --config ./audit-ci.jsonc; fi
 ```
 
 For `Travis-CI` not using PR builds:
 
 ```yml
 scripts:
-  - npx audit-ci --config ./audit-ci.jsonc
+  - npx audit-ci@^6 --config ./audit-ci.jsonc
 ```
 
 ## Options
@@ -300,7 +300,7 @@ With a `JSON5` config file:
 Or, with the CLI with `yarn dlx`:
 
 ```sh
-yarn dlx audit-ci -l -a "GHSA-38f5-ghc2-fcmv" lodash base64url --show-found false
+yarn dlx audit-ci@^6 -l -a "GHSA-38f5-ghc2-fcmv" lodash base64url --show-found false
 ```
 
 ### Prevents build with critical vulnerabilities showing the full report
@@ -318,7 +318,7 @@ With a `JSONC` config file:
 Or, with the CLI with `pnpm dlx`:
 
 ```sh
-pnpm dlx audit-ci --critical --report-type full
+pnpm dlx audit-ci@^6 --critical --report-type full
 ```
 
 ### Continues build regardless of vulnerabilities, but show the summary report
@@ -335,7 +335,7 @@ With a `JSONC` config file:
 Or, with the CLI:
 
 ```sh
-npx audit-ci --report-type summary
+npx audit-ci@^6 --report-type summary
 ```
 
 ### Example config file and different directory usage
@@ -362,7 +362,7 @@ npx audit-ci --report-type summary
 ```
 
 ```sh
-npx audit-ci --directory test/npm-config-file --config test/npm-config-file/audit-ci.jsonc
+npx audit-ci@^6 --directory test/npm-config-file --config test/npm-config-file/audit-ci.jsonc
 ```
 
 #### test/pnpm-config-file/audit-ci.json5
@@ -383,7 +383,7 @@ npx audit-ci --directory test/npm-config-file --config test/npm-config-file/audi
 ```
 
 ```sh
-npx audit-ci --directory test/pnpm-config-file --config test/pnpm-config-file/audit-ci.json5
+npx audit-ci@^6 --directory test/pnpm-config-file --config test/pnpm-config-file/audit-ci.json5
 ```
 
 ## Codemod