Recursive support on Node.js dependencies #89

Open
RafaelGSS opened this issue Nov 24, 2022 · 3 comments

Comments

@RafaelGSS
Member

    Yes, we've discussed it in the last Security WG meeting. We agreed on testing the recursive approach, and in case it adds a lot of noise, we revert it.

Originally posted by @RafaelGSS in #88 (comment)

@RafaelGSS
Member Author

As discussed in today's meeting nodejs/security-wg#872. We might want to create another dependency checker for JavaScript code.

Basically, it goes to the deps/node_modules and performs an npm audit, and reports back.

@richardlau
Member

    Basically, it goes to the deps/node_modules and performs an npm audit, and reports back.

I've tried that before. Some things to watch out for:

  • I believe you need a lock file for npm audit to even run.
  • For Node.js 14 with npm 6 you have to do all operations on deps/npm with npm 6 -- attempting to do so with a later version of npm caused issues (I don't recall the exact specifics).

@RafaelGSS
Member Author

Maybe we could skip the v14 and start from v16 considering the v14 will be EOL pretty soon.
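
A sketch of the checker step discussed in this thread, as an added example that is not part of the thread or of the project's code: it checks for a lock file before running `npm audit --json` and flattens the report into findings. It assumes the npm 7+ report format (`auditReportVersion: 2`); the function names and the sample report are constructed.

```javascript
// Added example, not project code; function names and sample data are constructed.
const fs = require('node:fs');
const path = require('node:path');
const { execFileSync } = require('node:child_process');

const LOCK_FILES = ['package-lock.json', 'npm-shrinkwrap.json'];
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// npm audit needs a lock file: return the first one present in dir, or null.
function findLockFile(dir) {
  return LOCK_FILES.find((f) => fs.existsSync(path.join(dir, f))) || null;
}

// Flatten an `npm audit --json` report (auditReportVersion 2, npm 7+) into
// findings sorted by severity. Other report shapes (npm 6) are rejected.
function summarizeAudit(report) {
  if (report.auditReportVersion !== 2) throw new Error('unsupported audit report version');
  return Object.values(report.vulnerabilities || {})
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      // `via` mixes advisory objects with names of vulnerable dependencies.
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.url),
      inheritedFrom: v.via.filter((x) => typeof x === 'string'),
    }))
    .sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
}

// Audit one directory. npm exits non-zero when it reports vulnerabilities,
// so the JSON report is taken from the thrown error's stdout in that case.
function auditDir(dir, npmBin = 'npm') {
  if (!findLockFile(dir)) return { skipped: 'no lock file', findings: [] };
  let out;
  try {
    out = execFileSync(npmBin, ['audit', '--json'], { cwd: dir, encoding: 'utf8' });
  } catch (err) {
    if (!err.stdout) throw err; // npm missing or failed before printing a report
    out = err.stdout;
  }
  return { skipped: null, findings: summarizeAudit(JSON.parse(out)) };
}

// Constructed sample report, trimmed to the fields used above.
const SAMPLE_REPORT = { auditReportVersion: 2, vulnerabilities: {
  'pkg-other': { name: 'pkg-other', severity: 'low', via: [{ url: 'https://example.invalid/advisory-2' }] },
  'pkg-parent': { name: 'pkg-parent', severity: 'high', via: ['pkg-child'] },
  'pkg-child': { name: 'pkg-child', severity: 'high', via: [{ url: 'https://example.invalid/advisory-1' }] },
} };
```

Passing the path of a specific npm binary as `npmBin` lets each release line be audited with its own bundled npm, which is the version constraint raised in the thread.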
