Skip to content
Snippets Groups Projects
Commit 6f779537 authored by Rhys Arkins's avatar Rhys Arkins
Browse files

fix(npm): use —no-audit

parent 4ae2ee10
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/manager/npm/post-update/lerna.js
+ 1
1
View file @ 6f779537
...@@ -28,7 +28,7 @@ async function generateLockFiles(lernaClient, tmpDir, env) { ...@@ -28,7 +28,7 @@ async function generateLockFiles(lernaClient, tmpDir, env) {
logger.debug('Using lerna version ' + lernaVersion); logger.debug('Using lerna version ' + lernaVersion);
const params = const params =
lernaClient === 'npm' lernaClient === 'npm'
? '--package-lock-only' ? '--package-lock-only --no-audit'
: '--ignore-scripts --ignore-engines --ignore-platform --mutex network:31879'; : '--ignore-scripts --ignore-engines --ignore-platform --mutex network:31879';
cmd = `find . && ${lernaClient} install ${params} && npx lerna@${lernaVersion} bootstrap -- ${params}`; cmd = `find . && ${lernaClient} install ${params} && npx lerna@${lernaVersion} bootstrap -- ${params}`;
logger.debug({ cmd }); logger.debug({ cmd });
......
lib/manager/npm/post-update/npm.js
+ 1
1
View file @ 6f779537
...@@ -53,7 +53,7 @@ async function generateLockFile(tmpDir, env, filename) { ...@@ -53,7 +53,7 @@ async function generateLockFile(tmpDir, env, filename) {
} }
} }
logger.debug(`Using npm: ${cmd}`); logger.debug(`Using npm: ${cmd}`);
cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only && find .`; cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only --no-audit && find .`;
// TODO: Switch to native util.promisify once using only node 8 // TODO: Switch to native util.promisify once using only node 8
({ stdout, stderr } = await exec(cmd, { ({ stdout, stderr } = await exec(cmd, {
cwd: tmpDir, cwd: tmpDir,
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment