Implement auditjs and migrate from http-server to local-web-server #15
What

Implemented auditjs as our vulnerability auditing tool instead of npm audit. This is to provide us with the flexibility to manage an allowlist for any vulnerabilities we want to bypass.

Owing to running auditjs, it was noted that http-server has a vulnerability which has been unpatched. It is around the ecstatic dependency. On further reading, it looks like ecstatic has been deprecated since May 2019. It doesn't look like http-server has been updated to account for this. On that note, this PR also includes a change from http-server to local-web-server for the development server. As I understand, there shouldn't be any differences than with using http-server, other than the API. I was able to still link to the main.css served at localhost:9001.

How to review

Check that the audit command runs as intended
Check that local-web-server works as a suitable replacement for http-server

Who can review

Anyone