Fail npm install when audit detects vulnerabilities


(Joey Lappin) #1

It would be useful for CI to have a flag on npm install that fails installation when vulnerabilities are detected. Ideally the severity that would trigger a failure would be configurable.

This would help protect automated builds from silently succeeding when vulnerabilities are introduced or old packages are added to the vuln list.
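
An added example, not part of the original post or of npm itself: a CI gate that fails the build when an audit report contains findings at or above a configurable severity. It assumes the report is the JSON produced by `npm audit --json` with per-severity counts under `metadata.vulnerabilities`; the script name `audit-gate.js`, the `--stdin` switch and the sample report are hypothetical.

```javascript
// Added example: CI gate over an `npm audit --json` report.
// Assumption: the report carries per-severity counts under
// metadata.vulnerabilities (info, low, moderate, high, critical).
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Returns { fail, offending, reason }, where offending maps each severity
// at or above the threshold to its non-zero count.
function auditGate(report, threshold = 'low') {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor === -1) {
    throw new Error(`unknown severity threshold: ${threshold}`);
  }
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    // Fail closed: an unreadable report must not let the build pass.
    return { fail: true, offending: {}, reason: 'no vulnerability counts in report' };
  }
  const offending = {};
  for (const sev of SEVERITIES.slice(floor)) {
    const n = Number(counts[sev]) || 0;
    if (n > 0) offending[sev] = n;
  }
  const fail = Object.keys(offending).length > 0;
  return { fail, offending, reason: fail ? 'threshold reached' : 'below threshold' };
}

// Constructed sample report (not real audit output).
const sampleReport = {
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 1, high: 0, critical: 0, total: 4 } },
};

// Hypothetical CI usage: npm audit --json | node audit-gate.js --stdin high
if (process.argv.includes('--stdin')) {
  let raw = '';
  process.stdin.on('data', (chunk) => { raw += chunk; });
  process.stdin.on('end', () => {
    let report = null;
    try { report = JSON.parse(raw); } catch (_) { /* treated as fail-closed below */ }
    const level = process.argv[process.argv.indexOf('--stdin') + 1] || 'low';
    const result = auditGate(report, level);
    console.error(JSON.stringify(result));
    process.exitCode = result.fail ? 1 : 0; // non-zero exit fails the CI step
  });
} else {
  console.log(auditGate(sampleReport, 'moderate')); // demo run on the constructed report
}
```

A missing or unparseable report is treated as a failure, so a broken audit step cannot let a build pass silently.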


(Xin) #2

Strongly agree with this