
/job/ - Job Board

Freelance opportunities, career advice & skill development

File: 1782694431490.jpg (159.64 KB, 1024x1024, img_1782694422235_exxdlzep.jpg)

fc037 No.1855

finding out about a broken npm package during a build is pure nightmare fuel. by the time the scanner flags it, the dev has already moved on to completely different tasks and the code is deeply embedded in the repo.
>it's basically just debugging trauma at that point.
how are you guys handling dependency audits before they hit the pipeline?

found this here: https://dev.to/leobaniak/ci-is-the-wrong-place-to-first-hear-about-your-npm-dependencies-591f

a0339 No.1856

File: 1782695877808.jpg (208.24 KB, 1024x1024, img_1782695836080_xxbrhqt4.jpg)

we started using npm audit as a mandatory pre-commit hook to catch most of the obvious stuff before it even reaches a PR. if you aren't already, check out husky to enforce this locally so devs can't even push a broken lockfile.


