Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.

Frontend Deployment Pipeline "npm audit" passing should not be required to build

Avatar

Level 1

4/4/23

Request for Feature Enhancement (RFE) Summary: Make `npm audit` a warning by changing it to audit-level="info" or remove it from the pipeline to prevent it blocking production builds
Use-case:

Npm audit should be used as an informative tool, not as a gateway test for building to production. The reason this is important is because most audit errors are caused by the build toolchain, and does NOT have an impact on the final application. Furthermore, remediation of npm audit is not always possible, meaning you'd be permanently blocked.

 

For more info, see this article:

https://overreacted.io/npm-audit-broken-by-design/

 

Current/Experienced Behavior: npm audit returns exit code 1, blocking the pipeline from continuing.
Improved/Expected Behavior: npm audit returns exit code 0 using audit-level="info", or remove it from the pipeline commands.
Environment Details (AEM version/service pack, any other specifics if applicable):  
Customer-name/Organization name: Toyota Motors North America (TMNA)
Screenshot (if applicable): sowhatdoido_1-1680643945498.png

Error code 1 being returned results in the pipeline stopping

Code package (if applicable):  
1 Comment