Metamask-extension: security: re-enable NPM audit
I cloned this repo today and saw a bunch of npm audit errors upon installing the packages:
The audit command was disabled in https://github.com/MetaMask/metamask-extension/pull/6188. I think for security reasons, it would be good to update your dependencies to fix these problems and then re-enable npm audit.
FYI depcheck shows some unused deps in this repo and deleting them probably fixes some of the security issues.
diracdeltas
>All comments
Looks like this was partly because npm audit would spontaneously fail for us, and we're not the only ones.
https://npm.community/t/enoaudit-from-registry-npmjs-org-503/4642/59
You can see what it was doing here:
https://circleci.com/gh/MetaMask/metamask-extension/81694?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link
We may need to find a substitute for npm audit, or run audit on the dependency list individually, if this is related to dependency graph size.
In any case, we should've opened an equivalent issue when we first removed it, so thanks for opening this.
danfinlay
on 5 Jun 2019
Related issues
whyrusleeping
路
3Comments
DISC30
路
3Comments
MarkOSullivan94
路
3Comments
kumavis
路
3Comments
estebanmino
路
3Comments
Most helpful comment
Looks like this was partly because
npm auditwould spontaneously fail for us, and we're not the only ones.https://npm.community/t/enoaudit-from-registry-npmjs-org-503/4642/59
You can see what it was doing here:
https://circleci.com/gh/MetaMask/metamask-extension/81694?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link
We may need to find a substitute for
npm audit, or run audit on the dependency list individually, if this is related to dependency graph size.In any case, we should've opened an equivalent issue when we first removed it, so thanks for opening this.