Needs Information
Frontend Deployment Pipeline "npm audit" passing should not be required to build
| Request for Feature Enhancement (RFE) Summary: | Make `npm audit` a warning by changing it to audit-level="info" or remove it from the pipeline to prevent it blocking production builds |
| Use-case: |
Npm audit should be used as an informative tool, not as a gateway test for building to production. The reason this is important is because most audit errors are caused by the build toolchain, and does NOT have an impact on the final application. Furthermore, remediation of npm audit is not always possible, meaning you'd be permanently blocked.
For more info, see this article: https://overreacted.io/npm-audit-broken-by-design/
|
| Current/Experienced Behavior: | npm audit returns exit code 1, blocking the pipeline from continuing. |
| Improved/Expected Behavior: | npm audit returns exit code 0 using audit-level="info", or remove it from the pipeline commands. |
| Environment Details (AEM version/service pack, any other specifics if applicable): | |
| Customer-name/Organization name: | Toyota Motors North America (TMNA) |
| Screenshot (if applicable): | 
Error code 1 being returned results in the pipeline stopping |
| Code package (if applicable): |