6d1170f06c
Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: ricky <ricky.miller@gmail.com> Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com> Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com> Co-authored-by: legobt <6wbvkn0j@anonaddy.me> Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
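#!/usr/bin/env bash

# Dependency audit gate for production dependencies.
#
# Runs `improved-yarn-audit` and exits 1 when it reports a failure, after
# printing how many moderate-or-worse advisories `yarn npm audit` counts.
# Exits 0 with a "zero advisories" message otherwise.

set -e
set -u
set -x
set -o pipefail

# use `improved-yarn-audit` since that allows for exclude
# exclusions are in .iyarc now
#
# Every entry in .iyarc suppresses an advisory, so changes to that file deserve
# the same review as a dependency change. Dev dependencies and advisories below
# "moderate" are outside this gate by design of the flags used here.
#
# The status is captured with `||` because a bare failing command under
# `set -e` would end the script before the reporting branch below is reached.
audit_status=0
yarn run improved-yarn-audit \
  --ignore-dev-deps \
  --min-severity moderate \
  --fail-on-missing-exclusions \
  || audit_status="$?"

if [[ "$audit_status" != 0 ]]
then
  # The audit command is expected to exit non-zero when it finds advisories;
  # with `set -e` and `pipefail` that would abort here, so the failure is
  # absorbed and an unusable result is reported as unknown instead.
  # NOTE(review): the jq filter assumes the last JSON line carries
  # `.data.vulnerabilities` severity totals; confirm against the Yarn version in use.
  count="$(yarn npm audit --severity moderate --environment production --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')" || count=''
  if ! [[ "$count" =~ ^[0-9]+$ ]]
  then
    count='an unknown number of'
  fi
  printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count"
  # Fail closed: any non-zero audit status blocks the build, including tool
  # errors and missing-exclusion failures, not only newly reported advisories.
  exit 1
else
  printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n"
fi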