Skip to content

Update audit.js #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Update audit.js #251

wants to merge 2 commits into from

Conversation

@jweinsteincbt
Copy link

@jweinsteincbt jweinsteincbt commented Sep 14, 2019

Should be able to turn off file name scrubbing for your own private registry by using NOSCRUB=@${SCOPE}

@jweinsteincbt
Update audit.js
cf75e77 
Should be able to turn off file name scrubbing for your own private registry by using NOSCRUB=@${SCOPE}
@jweinsteincbt jweinsteincbt requested a review from a team as a code owner September 14, 2019 00:01
@isaacs
Copy link
Contributor

isaacs commented Sep 30, 2019

This should be a config value with docs and tests. I'd prefer not to bury ad hoc environment variable switches in the cli's command definitions, or it gets unmaintainable real fast.

@jweinsteincbt
Copy link
Author

jweinsteincbt commented Sep 30, 2019

Fair enough -- I can convert this from a quick hack to a real feature.

Do you want to the command line argument to be --no-scrub or something else?
Is it okay to turn off all scrubbing or only one at time:
--no-scrub=@${SCOPE}

Advanced features discussion:
Should this be limited to members of the org for that scope? Would need to cache the credentials so it does not need to do multiple lookups. Might not work for all registries (npm caching and so on). Also, that makes it harder to decide not to not require modules which have bad audit results if they are @ scoped.

@claudiahdz
Copy link
Contributor

claudiahdz commented Nov 12, 2019

Hi! Thank you very much for your contribution. Could you please follow up on this on our RFC's repo with the desired functionality and implementation details? Discussion can continue over there!

@claudiahdz claudiahdz closed this Nov 12, 2019
@Kingcrypto38 Kingcrypto38 mentioned this pull request Jan 26, 2024
Open
@snyk-io snyk-io bot mentioned this pull request Oct 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jweinsteincbt @isaacs @claudiahdz