verdaccio / verdaccio-audit Goto Github PK
View Code? Open in Web Editor NEW🛡🔬verdaccio plugin for npm audit support
Home Page: https://www.verdaccio.org/
License: MIT License
verdaccio-audit's Issues
How to install plugin into docker container
Hi. I'm trying to install this plugin inside docker container based on verdaccio.
FROM verdaccio/verdaccio:latest
USER verdaccio
WORKDIR /verdaccio
COPY . .
# This will fail with EACCESS error
RUN npm i -g verdaccio-audit
EXPOSE 4873
VOLUME ["/verdaccio"]
npm i -g fails with EACCESS error
Installing into app directory (npm i --prefix /usr/local/app) will break dependencies and verdaccio will not start
Installing into plugins directory also is tricky because it will need to build this module, cause it uses flow.
Is there any easy way to do that. Without using docker compose and so on.
GitHub Actions Deployment
-/npm/v1/security/audits/quick endpoint is missing
Implement -/npm/v1/security/audits/quick
http <-- 404, user: undefined(172.17.0.1), req: 'POST /-/npm/v1/security/audits/quick', bytes: 49822/170
refers to verdaccio/verdaccio#689
It ignores http_proxy and https_proxy
We have setup like this:
https_proxy: http://address-of-proxy/
middlewares:
audit:
enabled: trueBut it looks like audit doesn't use the proxy, hanging the request.
Audit requests always pass
Versions:
verdaccio-audit0.2.0npm6.4.1verdaccio3.8.4
Install a package with vulnerabilities and audit:
npm --registry=my-verdaccio-host:123 install lodash@3
npm --registry=my-verdaccio-host:123 audit- Expected outcome -- one security vulnerability reported.
- Actual outcome -- no security vulnerabilities.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.