Use 'yarn audit' for security checks

nsp has been retired and 'npm audit' is the recommended alternative. Since yarnpkg/yarn#6409 yarn v1.12.0 has an audit capability. Use that instead.
hmcts · Oct 6, 2018 · d005e86 · d005e86
1 parent 3f112ba
commit d005e86
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/uk/gov/hmcts/contino/YarnBuilder.groovy b/src/uk/gov/hmcts/contino/YarnBuilder.groovy
@@ -82,7 +82,7 @@ class YarnBuilder extends AbstractBuilder {
   }
 
   def securityCheck() {
-    yarn("test:nsp")
+    yarn("audit")
   }
 
   @Override

diff --git a/test/uk/gov/hmcts/contino/YarnBuilderTest.groovy b/test/uk/gov/hmcts/contino/YarnBuilderTest.groovy
@@ -77,11 +77,11 @@ class YarnBuilderTest extends Specification {
         1 * steps.sh({ it.startsWith(YARN_CMD) && it.contains('test:mutation') })
   }
 
-  def "securityCheck calls 'yarn test:nsp'"() {
+  def "securityCheck calls 'yarn audit'"() {
     when:
       builder.securityCheck()
     then:
-      1 * steps.sh({ GString it -> it.startsWith(YARN_CMD) && it.contains('test:nsp') })
+      1 * steps.sh({ GString it -> it.startsWith(YARN_CMD) && it.contains('audit') })
   }
 
   def "full functional tests calls 'yarn test:fullfunctional'"() {