You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Do you want to request a feature or report a bug?
This is a feature request. Wasn't sure if it's considered substantial though. If so, I'll be happy to follow the https://github.com/yarnpkg/rfcs procedure.
What is the current behavior?
The yarn audit command returns "a non-0 exit code if there are issues of any severity found" (see https://yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit). This means that if you integrate this command in a CI tool - let's say Jenkins - the job will exit with a failure even for a low risk.
What is the expected behavior?
I'm aware that a vulnerability should be considered a risk at any level. Nonetheless, it should be given to the developer the ability to change this level by passing an option, like npm audit --audit-level <LEVEL>, to set the "minimum level of vulnerability for yarn audit to exit with a non-zero exit code." (see https://docs.npmjs.com/misc/config#audit-level)
This option will smooth the integration of yarn audit in automation, where a different action could be taken based on the risk level (which modify the exit code).
Please mention your node.js, yarn and operating system version.
Node: v10.14.2
Yarn: v1.15.2
OS: macOS Sierra version 10.12.6 - Darwin Kernel Version 16.7.0 x86_64
The text was updated successfully, but these errors were encountered:
Do you want to request a feature or report a bug?
This is a feature request. Wasn't sure if it's considered substantial though. If so, I'll be happy to follow the https://github.com/yarnpkg/rfcs procedure.
What is the current behavior?
The
yarn audit
command returns "a non-0 exit code if there are issues of any severity found" (see https://yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit). This means that if you integrate this command in a CI tool - let's say Jenkins - the job will exit with a failure even for a low risk.What is the expected behavior?
I'm aware that a vulnerability should be considered a risk at any level. Nonetheless, it should be given to the developer the ability to change this level by passing an option, like
npm audit --audit-level <LEVEL>
, to set the "minimum level of vulnerability for yarn audit to exit with a non-zero exit code." (see https://docs.npmjs.com/misc/config#audit-level)This option will smooth the integration of
yarn audit
in automation, where a different action could be taken based on the risk level (which modify the exit code).Please mention your node.js, yarn and operating system version.
Node: v10.14.2
Yarn: v1.15.2
OS: macOS Sierra version 10.12.6 - Darwin Kernel Version 16.7.0 x86_64
The text was updated successfully, but these errors were encountered: