Skip to content

Commit

Permalink
docs: Pin running audit-ci to major version (#273)
Browse files Browse the repository at this point in the history
  • Loading branch information
quinnturner authored May 20, 2022
1 parent 004d398 commit a679cdc
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ An allowlist record may include any number of wildcards such as `*|react-scripts
steps:
- uses: actions/checkout@v2
- name: Audit for vulnerabilities
run: npx audit-ci --config ./audit-ci.jsonc
run: npx audit-ci@^6 --config ./audit-ci.jsonc
```
_(Recommended)_ Run `audit-ci` immediately after checking out the git repository to reduce the risk of executing a `postinstall` script from a compromised NPM package.
Expand All @@ -176,7 +176,7 @@ steps:
# command: if [[ ! -z $CIRCLE_PULL_REQUEST ]] ; then npx audit-ci --config ./audit-ci.jsonc ; fi
- run:
name: run-audit-ci
command: npx audit-ci --config ./audit-ci.jsonc
command: npx audit-ci@^6 --config ./audit-ci.jsonc
- run:
name: install-npm
command: "npm install --no-audit"
Expand All @@ -190,14 +190,14 @@ Auditing only on PR builds is [recommended](#qa)
scripts:
# This script should be the first that runs to reduce the risk of
# executing a script from a compromised NPM package.
- if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci --config ./audit-ci.jsonc; fi
- if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci@^6 --config ./audit-ci.jsonc; fi
```
For `Travis-CI` not using PR builds:

```yml
scripts:
- npx audit-ci --config ./audit-ci.jsonc
- npx audit-ci@^6 --config ./audit-ci.jsonc
```

## Options
Expand Down Expand Up @@ -300,7 +300,7 @@ With a `JSON5` config file:
Or, with the CLI with `yarn dlx`:

```sh
yarn dlx audit-ci -l -a "GHSA-38f5-ghc2-fcmv" lodash base64url --show-found false
yarn dlx audit-ci@^6 -l -a "GHSA-38f5-ghc2-fcmv" lodash base64url --show-found false
```

### Prevents build with critical vulnerabilities showing the full report
Expand All @@ -318,7 +318,7 @@ With a `JSONC` config file:
Or, with the CLI with `pnpm dlx`:

```sh
pnpm dlx audit-ci --critical --report-type full
pnpm dlx audit-ci@^6 --critical --report-type full
```

### Continues build regardless of vulnerabilities, but show the summary report
Expand All @@ -335,7 +335,7 @@ With a `JSONC` config file:
Or, with the CLI:

```sh
npx audit-ci --report-type summary
npx audit-ci@^6 --report-type summary
```

### Example config file and different directory usage
Expand All @@ -362,7 +362,7 @@ npx audit-ci --report-type summary
```

```sh
npx audit-ci --directory test/npm-config-file --config test/npm-config-file/audit-ci.jsonc
npx audit-ci@^6 --directory test/npm-config-file --config test/npm-config-file/audit-ci.jsonc
```

#### test/pnpm-config-file/audit-ci.json5
Expand All @@ -383,7 +383,7 @@ npx audit-ci --directory test/npm-config-file --config test/npm-config-file/audi
```

```sh
npx audit-ci --directory test/pnpm-config-file --config test/pnpm-config-file/audit-ci.json5
npx audit-ci@^6 --directory test/pnpm-config-file --config test/pnpm-config-file/audit-ci.json5
```

## Codemod
Expand Down

0 comments on commit a679cdc

Please sign in to comment.