I've seen more and more questions since the folks at NPM added an automatic scan for vulnerabilities after every NPM install.

What's going on? The NPM registry runs a security audit on NPM packages. You can manually run one of these audits by executing the command `npm audit` ( ref: With the release of NPM v6, this command is run automatically when you execute an `npm install` on your project.

What does the audit command do? It takes the current version of a package in your project and checks the list of known vulnerabilities for that specific package & version. If it finds a vulnerability, it reports it.

What does the experience look like? Say you create a new project, like a SharePoint Framework project, using the Yeoman generator from Microsoft. The first thing the Yeoman generator does after scaffolding up the folders & files for your project is run `npm install`. Today, with SPFx v1.6.0, at the end of this install process, you are greeted with the following audit summary:

[Image: NPM displaying list of vulnerabilities]
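
As an added illustration (not code from the original post, and not npm's actual implementation), the following Node.js code models the check described under "What does the audit command do?": each installed package version is compared against the vulnerable version range of every known advisory. The package names, advisory entries and the simplified range syntax are assumptions constructed for this example.

```javascript
// Simplified model of an audit check; not npm's implementation.
// Parse "1.2.3" into [1, 2, 3]; pre-release tags are ignored in this model.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component, so 1.10.0 sorts after 1.9.0.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A range is space-separated comparators that must all hold, e.g. ">=2.0.0 <2.4.1".
function inRange(version, range) {
  return range.trim().split(/\s+/).every((cmp) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(cmp);
    if (!m) throw new Error(`unsupported comparator: ${cmp}`);
    const c = compareVersions(version, m[2]);
    switch (m[1] || "=") {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Report every advisory whose vulnerable range contains the installed version.
function audit(installed, advisories) {
  return advisories.filter((a) =>
    Object.prototype.hasOwnProperty.call(installed, a.name) &&
    inRange(installed[a.name], a.vulnerable));
}

// Constructed sample data: installed versions and a small advisory list.
const installed = { "example-lib": "2.3.0", "example-util": "1.0.5" };
const advisories = [
  { name: "example-lib", vulnerable: ">=2.0.0 <2.4.1", severity: "high" },
  { name: "example-util", vulnerable: "<1.0.5", severity: "moderate" },
  { name: "example-missing", vulnerable: "<9.0.0", severity: "low" },
];
for (const f of audit(installed, advisories)) {
  console.log(`${f.severity}: ${f.name}@${installed[f.name]} is in ${f.vulnerable}`);
}
```

Only `example-lib` is reported: `example-util` sits exactly on the first fixed version, and `example-missing` is not installed, which is why an audit result depends on the specific package and version rather than on the package name alone.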