Fail npm install when audit detects vulnerabilities

(Joey Lappin) #1

It would be useful for CI to have a flag on npm install that fails installation when vulnerabilities are detected. Ideally the severity that would trigger a failure would be configurable.

This would help protect automated builds from silently succeeding when vulnerabilities are introduced or old packages are added to the vuln list.
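
A sketch of the requested behaviour as a CI gate, added here as an example; it is not part of the original post and not npm's own code. It assumes the report printed by `npm audit --json` carries per-severity counts under `metadata.vulnerabilities`; the function name `auditGate` and the sample report are constructed for illustration.

```javascript
// Added example: severity-threshold gate over `npm audit --json` output.
// Assumption: per-severity counts live at metadata.vulnerabilities.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// auditGate is a hypothetical helper: returns whether the build should fail.
function auditGate(reportJson, threshold) {
  const rank = SEVERITIES.indexOf(threshold);
  if (rank === -1) throw new RangeError(`unknown severity: ${threshold}`);

  let report;
  try {
    report = JSON.parse(reportJson);
  } catch (err) {
    // Fail closed: an unreadable report must not let the build pass.
    return { fail: true, reason: "audit output is not valid JSON", blocking: {} };
  }

  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== "object") {
    // Registry errors and unexpected shapes also fail closed.
    return { fail: true, reason: "no vulnerability counts in report", blocking: {} };
  }

  // Collect every severity at or above the configured threshold.
  const blocking = {};
  let total = 0;
  for (const sev of SEVERITIES.slice(rank)) {
    const n = Number(counts[sev]) || 0;
    if (n > 0) {
      blocking[sev] = n;
      total += n;
    }
  }
  const reason = total > 0 ? `${total} finding(s) at or above ${threshold}` : "ok";
  return { fail: total > 0, reason, blocking };
}

// Constructed sample report (not real audit output).
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 2, high: 1, critical: 0, total: 6 },
  },
});

// Same report, two thresholds: one blocks the build, one lets it through.
for (const level of ["moderate", "critical"]) {
  console.log(level, auditGate(SAMPLE_REPORT, level));
}
```

In a pipeline the sample string would be replaced by the captured output of `npm audit --json`, with the job exiting non-zero when `fail` is true.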

(Xin) #2

Strongly agree with this