
Feature Request: Add option to run npm audit fix in bootstrap command


Expected Behavior

Right now, I’ve tried to make lerna bootstrap run npm audit fix for the monorepo packages with no luck. I’d like to run lerna bootstrap to fix any sec vulnerabilities for the packages in the monorepo.

Current Behavior

Doesn’t provide npm audit fix support, as lerna is only concerned with flags passed, not commands.

Possible Solution

N/A

Steps to Reproduce (for bugs)

  1. Clone webpack-cli
  2. Run lerna bootstrap
  3. Try to run it with the -- override

Context

Improving project-wide security without having to navigate to each package and manually run npm audit fix.

Your Environment

Executable        Version
lerna --version   3.14.1
npm --version     6.9
node --version    11.4

OS                Version
macOS Mojave      10.14.5

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 14
  • Comments: 7

Top GitHub Comments

k3n commented, Oct 10, 2019 (7 reactions)

@mchelen NPM doesn’t like that approach and throws ELOCKVERIFY in many of my packages complaining about “Errors were found in your package-lock.json, run npm install to fix them” and then listing symlinked packages. As such it doesn’t complete the audit actions.

mesqueeb commented, Jul 3, 2020 (3 reactions)

Also related: https://github.com/lerna/lerna/issues/1663

This feature should be very high priority security-wise!
