npm audit widget is a dashboard widget for Azure DevOps (TFS) dashboards that displays npm audit results. Findings are grouped by the severity levels that npm audit reports:
- Critical: Address immediately
- High: Address as quickly as possible
- Moderate: Address as time allows
- Low: Address at your discretion
Note: You must be on npm v6.1.0 or greater. `npm audit` also needs a lockfile (package-lock.json or npm-shrinkwrap.json), which is why the examples run `npm install` before `npm audit`.
See: Azure DevOps Example (YAML pipeline)
```yaml
jobs:
- job: Windows
  pool:
    vmImage: 'vs2017-win2016'
  steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '8.x'
    displayName: 'Install Node.js'
  - script: npm i npm -g
    displayName: 'update npm'
  - script: npm -v
    displayName: 'check version'
  - script: npm install
    displayName: 'npm install'
  - script: npm audit --json > audit.json
    displayName: 'audit'
  - task: PublishBuildArtifacts@1
    displayName: 'Publish Artifact: audit_results'
    inputs:
      PathtoPublish: 'audit.json'
      ArtifactName: 'audit_results'
```
Classic (visual designer) build:
- Create an npm task with the following arguments:
  - Working folder: `$/[path to application root (folder with package.json)]`
  - npm command: `audit`
  - Arguments: `--json > audit.json`
  - Optional: use `--json > audit.json & exit 0` if you don't want the task to fail when audit finds security issues. `npm audit` exits non-zero whenever it finds vulnerabilities, so this keeps the build green and leaves triage to the widget. Note that `& exit 0` relies on cmd.exe running both commands in sequence; in bash, `&` would background `npm audit` instead, so use `|| exit 0` on a Linux or macOS agent. Be aware that forcing exit 0 also masks genuine failures (for example a registry error), in which case audit.json may be empty or incomplete.
- Create a publish build artifacts task with the following arguments:
  - Path to Publish: `$/[path to application root (folder with package.json)]/audit.json`
  - Artifact Name: `audit_results`
  - Artifact Type: `Server`
- Make sure the npm task comes before the publish task.
- Save and queue a build.
- Install the widget from the marketplace.
- Add the widget to the dashboard.
- Configure the widget by choosing a build that is publishing `audit_results`.
- The widget displays the total number of issues as well as the number of issues by severity. The per-severity counts are labelled with the first letter of the severity:
  - c: critical
  - h: high
  - m: moderate
  - l: low
- The color of the widget is determined by the severity of the issues found.