cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jesse <purplecabb...@gmail.com>
Subject Re: [DISCUSS] Use of nsp (node security cli) finds first vulnerable library that we use
Date Sat, 25 Jun 2016 09:02:09 GMT
I would rather let bithound[1][2] handle that stuff, instead of adding a
bunch of code to our tests for this.
Here's a fix. [3]

[1] https://www.bithound.io/github/purplecabbage/cordova-coho
[2] https://www.bithound.io/github/apache/cordova-coho/
[3] https://github.com/apache/cordova-coho/pull/128










@purplecabbage
risingj.com

On Sat, Jun 25, 2016 at 1:15 AM, Shazron <shazron@apache.org> wrote:

> I think it's the first [1].
>
> This is in cordova-coho [2], from a test [3] that our former intern Vishal
> (now employee) added. I'm not sure if any other repos are using a nsp test
> besides coho.
>
> We should add this check to our other repos that use node libraries.
>
> Thoughts?
>
> [1] https://issues.apache.org/jira/browse/CB-11484
> [2] https://github.com/apache/cordova-coho
> [3]
>
> https://github.com/apache/cordova-coho/blob/c802314090dc262ef41444397a646f5bd178b3db/package.json#L32
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message