Implement audit report creation and audit fix

9fa5ac38 · Jukka Veijanen · cef7c3e5 · 9fa5ac38 · 9fa5ac38 · 9fa5ac38
Commit 9fa5ac38 authored 4 years ago by Jukka Veijanen
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,12 @@ FROM node:12
 ENV NODE_ENV=production

 RUN useradd nodeuser -m -d /usr/src/app
+
 USER nodeuser

+# Allow nodeuser to run npm install globally
+ENV NPM_CONFIG_PREFIX=/usr/src/app/.npm-global
+
 # Create app directory
 WORKDIR /usr/src/app

@@ -18,7 +22,6 @@ RUN npm install
 # RUN npm ci --only=production

 # Check vulnerabilities
-RUN npm install npm-audit-html

 # Bundle app source
 COPY . .

--- a/audit-fix.sh
+++ b/audit-fix.sh
+#!/bin/bash
+
+npm audit fix
\ No newline at end of file
--- a/audit-json-html.sh
+++ b/audit-json-html.sh
+#!/bin/bash
+
+npm audit --json | node_modules/npm-audit-html/index.js --output audit-report.html
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
    "mongoose": "4.6.4",
    "mongoose-unique-validator": "1.0.2",
    "morgan": "1.7.0",
+    "npm-audit-html": "^1.5.0",
    "passport": "0.3.2",
    "passport-local": "1.0.0",
    "request": "2.69.0",