Run nsp check on release #4285
Conversation
Codecov Report
@@            Coverage Diff            @@
##           master    #4285     +/-   ##
===========================================
+ Coverage   82.41%   92.43%   +10.01%
===========================================
  Files         118      118
  Lines        8151     8207      +56
===========================================
+ Hits         6718     7586     +868
+ Misses       1433      621     -812

Continue to review full report at Codecov.
Could also look at snyk (snyk.io), although that requires sign-in. We install snyk and nsp as dev dependencies and run both during build. Nsp usually catches what snyk does - not sure if they use the same vulnerabilities database. Snyk can also watch a repository and run tests on a PR https://snyk.io/docs/github
Same as mentioned for snyk, nsp can also run on our PRs as a separate step in our CI. Believe this also requires us to sign up, however.
This runs on PRs, that's why it fails.
@steven-supersolid I merged your branch onto master and updated this one; in all goodness, this should be OK with nsp check. They also have an eslint plugin that warns on potentially unsafe code.
@montymxb what do you think? Should we go with nsp for now? At least the next release will be safe :)
lgtm. very cool.
@flovilmart Yeah, nsp works for me. I think it's good to know our options though, should we choose to look into this in further detail.
@flovilmart at some point we'll probably want this to run on PRs too. Release checking is better than nothing, but it would be nice to know if some pending feature was about to introduce a potential issue. Was there some problem with trying it on PRs originally?
This is running on PRs, as you can see in https://travis-ci.org/parse-community/parse-server/builds/291256870. It's only run at the release stage. This is why, in this build, we can clearly identify that we'd have issues releasing that PR, which is not related to the code itself.
Ah, I stand corrected! We're all good then.
Nice :)
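The distinction the thread keeps coming back to is where the dependency audit runs and whether it blocks: an advisory on a PR is information, an advisory at release time should stop the release. The script below is an added example of gating `nsp check` that way; it is not parse-server's own CI configuration. It assumes Travis-style environment variables (`TRAVIS_TAG`, non-empty on a tagged release build, and `TRAVIS_PULL_REQUEST`, the PR number or the string `false`), and the mode names `release-blocking`, `pr-advisory` and `branch-advisory` are labels chosen for this example.

```shell
#!/bin/sh
# Added example, not parse-server's CI config: decide how strictly a
# dependency audit (nsp check here) runs for a given CI build.
# Assumptions: Travis-style variables TRAVIS_TAG (non-empty on a tagged
# release build) and TRAVIS_PULL_REQUEST ("false" on branch builds, the
# PR number otherwise). Mode names are this example's own labels.

# audit_mode TAG PULL_REQUEST
# Prints one of: release-blocking, pr-advisory, branch-advisory.
audit_mode() {
    tag="$1"
    pr="$2"
    if [ -n "$tag" ]; then
        # Tagged build: this is what gets published, so advisories block.
        echo release-blocking
    elif [ -n "$pr" ] && [ "$pr" != "false" ]; then
        # PR build: surface advisories early, but don't fail the PR for a
        # transitive dependency the author didn't touch.
        echo pr-advisory
    else
        echo branch-advisory
    fi
}

# run_audit MODE
# Runs `nsp check` (non-zero exit means at least one advisory matched the
# dependency tree). Only release-blocking mode turns that into a build failure.
run_audit() {
    mode="$1"
    if nsp check; then
        echo "dependency audit clean ($mode)"
        return 0
    fi
    case "$mode" in
        release-blocking)
            echo "dependency audit failed: refusing to release" >&2
            return 1 ;;
        *)
            echo "dependency audit found advisories ($mode); not blocking" >&2
            return 0 ;;
    esac
}

# Entry point for CI (skipped when the file is sourced for testing):
#   sh audit-gate.sh --run
if [ "${1:-}" = "--run" ]; then
    run_audit "$(audit_mode "${TRAVIS_TAG:-}" "${TRAVIS_PULL_REQUEST:-false}")"
fi
```

Wiring it in as the `after_success` or `before_deploy` step of a release job keeps the blocking behaviour where the thread wants it, while the same script in the PR job only reports. If the project later moves to a tool that emits machine-readable output, the `case` in `run_audit` is the one place that needs to change.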
As suggested by #4266