Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

Frontend Deployment Pipeline "npm audit" passing should not be required to build

Avatar

Level 1

4/4/23

Request for Feature Enhancement (RFE) Summary: Make `npm audit` a warning by changing it to audit-level="info" or remove it from the pipeline to prevent it blocking production builds
Use-case:

Npm audit should be used as an informative tool, not as a gateway test for building to production. The reason this is important is because most audit errors are caused by the build toolchain, and does NOT have an impact on the final application. Furthermore, remediation of npm audit is not always possible, meaning you'd be permanently blocked.

 

For more info, see this article:

https://overreacted.io/npm-audit-broken-by-design/

 

Current/Experienced Behavior: npm audit returns exit code 1, blocking the pipeline from continuing.
Improved/Expected Behavior: npm audit returns exit code 0 using audit-level="info", or remove it from the pipeline commands.
Environment Details (AEM version/service pack, any other specifics if applicable):  
Customer-name/Organization name: Toyota Motors North America (TMNA)
Screenshot (if applicable): sowhatdoido_1-1680643945498.png

Error code 1 being returned results in the pipeline stopping

Code package (if applicable):  
1 Comment