check-package-lock
Version:
Checks the package-lock.json file for insecure http:// links
48 lines (37 loc) • 1.35 kB
YAML
version: 2
jobs:
build:
docker:
# Use node image
- image: cimg/node:lts
# code folder
working_directory: ~/repo
steps:
# check out code
- checkout
# restore cache dependencies
- restore_cache:
keys:
- v1-dependencies-{{ checksum "package.json" }}
# fallback to using the latest cache if no exact match is found
- v1-dependencies-
# install and cache packages
- run: npm install
- save_cache:
paths:
- node_modules
key: v1-dependencies-{{ checksum "package.json" }}
# audit the packages
- run: npm audit
- run: npm ls
# security test
- run: ./node_modules/.bin/snyk test
# correct line endings
- run: find ./ -path ./node_modules -prune -o -name '*.css' -o -name '*.json' -o -name '*.md' -o -name '*.js' -o -name '*.yml' | xargs ./node_modules/.bin/lintspaces --endofline 'lf' --newline --trailingspaces --verbose
# lint
- run: ./node_modules/.bin/eslint '*.js' 'test/*.js'
# run tests
- run: ./node_modules/.bin/nyc npm test
# upload code coverage
- run: ./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov
- run: ./node_modules/.bin/codecov