CI/CD-NPM_auditbuild scripts

.github/workflows/ci-cd.yml

@@ -59,7 +59,23 @@ jobs:
         if: matrix.theme == 'fusion'
       - name: Run WDIO Tests for form factor ${{ matrix.form-factor }} and ${{ matrix.theme }}
         run: SITE=build/${{ matrix.theme }} FORM_FACTOR=${{ matrix.form-factor }} npm run wdio-${{ matrix.theme }}
+  NPM_Audit:
+    runs-on: ubuntu-latest
 
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Install dependencies and run npm audit
+        run: |
+        npm i --package-lock-only
+        npm audit --json > audit.json || true
+        if [ -s audit.json ]; then
+          echo 'NPM audit vulnerabilities found:'
+          npm audit --registry=https://registry.npmjs.org --json > audit-full.json
+          cat audit-full.json  # Display the contents of audit-full.json
+        else
+          echo 'No NPM audit vulnerabilities found.'
+        fi
   release-and-deploy:
     runs-on: ubuntu-latest
 

package.json

@@ -78,7 +78,8 @@
     "wdio-lowlight": "terra wdio --themes clinical-lowlight-theme",
     "wdio-fusion": "terra wdio --themes orion-fusion-theme",
     "wdio": "terra wdio --themes terra-default-theme clinical-lowlight-theme orion-fusion-theme",
-    "wdio:docker": "terra wdio --disableSeleniumService=true --themes terra-default-theme clinical-lowlight-theme orion-fusion-theme"
+    "wdio:docker": "terra wdio --disableSeleniumService=true --themes terra-default-theme clinical-lowlight-theme orion-fusion-theme",
+    "npm:audit": "npm i --package-lock-only && npm audit --json > audit.json || true && if [ -s audit.json ]; then echo 'NPM audit vulnerabilities found:'; cat audit.json; fi"
   },
   "devDependencies": {
     "@babel/cli": "^7.5.0",