Implement auditjs and migrate from http-server to local-web-server #15

rav-pradhan · 2021-03-03T20:53:47Z

Implemented auditjs as our vulnerability auditing tool instead of npm audit. This is to provide us with the flexibility to manage an allowlist for any vulnerabilities we want to bypass.
Owing to running auditjs, it was noted that http-server has a vulnerability which has been unpatched. It is around the ecstatic dependency. On further reading, it looks like ecstatic has been deprecated since May 2019. It doesn't look like http-server has been updated to account for this. On that note, this PR also includes a change from http-server to local-web-server for the development server. As I understand, there shouldn't be any differences than with using http-server, other than the API. I was able to still link to the main.css served at localhost:9001.

Check that the audit command runs as intended

Check that local-web-server works as a suitable replacement for http-server

Anyone

…o unpatched vulnerability

implement auditjs and move from http-server to local-web-server due t…

4302e79

…o unpatched vulnerability

jondewijones previously approved these changes Mar 3, 2021

View reviewed changes

update audit script to install dependencies first, before auditing

134a940

rav-pradhan dismissed jondewijones’s stale review via 134a940 March 4, 2021 08:15

hamishtaplin approved these changes Mar 4, 2021

View reviewed changes

rav-pradhan merged commit 134a940 into main Mar 4, 2021

rav-pradhan deleted the feature/auditjs branch March 4, 2021 09:23

Provide feedback