Frontend Deployment Pipeline "npm audit" passing should not be required to build

4/4/23

Request for Feature Enhancement (RFE) Summary: Make `npm audit` a warning by changing it to audit-level="info" or remove it from the pipeline to prevent it blocking production builds
Use-case:

Npm audit should be used as an informative tool, not as a gateway test for building to production. The reason this is important is because most audit errors are caused by the build toolchain, and do NOT have an impact on the final application. Furthermore, remediation of npm audit is not always possible, meaning you'd be permanently blocked.

 

For more info, see this article:

https://overreacted.io/npm-audit-broken-by-design/

 

Current/Experienced Behavior: npm audit returns exit code 1, blocking the pipeline from continuing.
Improved/Expected Behavior: npm audit returns exit code 0 using audit-level="info", or remove it from the pipeline commands.
Environment Details (AEM version/service pack, any other specifics if applicable):  
Customer-name/Organization name: Toyota Motors North America (TMNA)
Screenshot (if applicable): sowhatdoido_1-1680643945498.png

Error code 1 being returned results in the pipeline stopping

Code package (if applicable):  
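
An added example, not part of the original post and not Adobe's pipeline code: a small Node.js gate that turns a parsed `npm audit --json` report into an exit code for a chosen severity threshold, so findings can be logged as warnings while only the chosen levels stop a build. It assumes the npm 7+ report shape (a `vulnerabilities` object keyed by package name, each entry carrying `severity`); `gateAudit`, its `"none"` setting and the sample package names are hypothetical.

```javascript
// Severity order used by npm's --audit-level option, lowest to highest.
// "info" is the lowest level, so a threshold of "info" blocks on any finding.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Returns { exitCode, counts, blocking } for a parsed audit report.
// failAt is a level name, or "none" to report findings without ever failing.
function gateAudit(report, failAt) {
  const counts = Object.fromEntries(LEVELS.map((l) => [l, 0]));
  const blocking = [];
  const min = failAt === "none" ? Infinity : LEVELS.indexOf(failAt);
  if (min === -1) throw new Error(`unknown level: ${failAt}`);
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const rank = LEVELS.indexOf(vuln.severity);
    if (rank === -1) continue; // skip severities outside the known scale
    counts[vuln.severity] += 1; // always counted, so warnings stay visible
    if (rank >= min) blocking.push(name);
  }
  blocking.sort();
  return { exitCode: blocking.length > 0 ? 1 : 0, counts, blocking };
}

// Constructed sample report; the package names are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-build-plugin": { severity: "high", isDirect: false, fixAvailable: false },
    "example-css-tool": { severity: "moderate", isDirect: false, fixAvailable: true },
    "example-runtime-lib": { severity: "low", isDirect: true, fixAvailable: true },
  },
};

// Show the exit code each threshold would give for the same report.
for (const level of ["info", "high", "critical", "none"]) {
  const r = gateAudit(SAMPLE_REPORT, level);
  console.log(`fail at ${level}: exit ${r.exitCode}, blocking=[${r.blocking.join(", ")}]`);
}
```
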