@ruyadorno
Last active June 18, 2021 21:09

npm audit licenses

Questions:

  • workspaces
    • maybe just handled via config?
    • maybe tweak licensee to better handle it?
  • configuration?
    • package.json property
    • audit.json file?

Action item:

  • add new sub command to audit: npm audit licenses

Commands

  • npm audit
    • defaults to checking advisories
    • if licenses configuration exists, also audit licenses
  • npm audit fix
    • either (?)
      • if licenses configuration exists, return additional licenses Object in the Object that npm audit fix returns
      • always include a licenses Object and have it be empty if there's no changes/license config
    • maybe --audit-advisories and --audit-licenses if we don't do npm audit advisories fix and npm audit licenses fix
    • maybe --audit-type=[advisories, licenses] (I know the team has been steering away from so many booleans in our config)
  • npm audit advisories
    • same API as npm audit presently
    • do we need npm audit advisories fix?
      • if so, should match the root fix API but limited to advisories
  • npm audit licenses
    • --json
    • --production
    • do we need npm audit licenses fix?
      • if so, should match the root fix API but limited to licenses