Merge pull request #64 from Financial-Times/add-snyk

Add Snyk to component
Financial-Times · May 28, 2019 · 0c909f5 · 0c909f5
2 parents e160bee + 7f03e1f
commit 0c909f5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -112,6 +112,7 @@ jobs:
       - run:
           name: shared-helper / npm-store-auth-token
           command: .circleci/shared-helpers/helper-npm-store-auth-token
+      - run: npx snyk monitor --org=customer-products --project-name=Financial-Times/kmt-header
       - run:
           name: shared-helper / npm-version-and-publish-public
           command: .circleci/shared-helpers/helper-npm-version-and-publish-public

diff --git a/.snyk b/.snyk
@@ -0,0 +1,4 @@
+# Snyk (https://snyk.io) policy file, which patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+patch: {}
diff --git a/package.json b/package.json
@@ -22,11 +22,13 @@
     "npm-prepublish": "^1.2.3",
     "origami-build-tools": "^6.2.5",
     "pa11y-ci": "^2.1.1",
-    "sass-lint": "^1.12.1"
+    "sass-lint": "^1.12.1",
+    "snyk": "^1.167.2"
   },
   "scripts": {
     "precommit": "node_modules/.bin/secret-squirrel",
     "commitmsg": "node_modules/.bin/secret-squirrel-commitmsg",
-    "prepush": "make verify -j3"
+    "prepush": "make verify -j3",
+    "prepare": "npx snyk protect || npx snyk protect -d || true"
   }
 }