Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add security checker for node packages? #22

Open
tomheadifen opened this issue Oct 18, 2019 · 2 comments
Open

Add security checker for node packages? #22

tomheadifen opened this issue Oct 18, 2019 · 2 comments
Labels
wish Not a bug, but interesting enough to let people vote on.

Comments

@tomheadifen
Copy link

NPM has a command 'npm audit'.

Would we be able to add that check into this aswell? I can probably find some time in the next couple of weeks to throw this together if people think it's a good idea.

@jorijn
Copy link
Owner

jorijn commented Oct 22, 2019

Hey Tom.

I think it would be interesting to include this kind of information. The core purpose of this package is to notify application owners of pending doom in the dependencies they use. If you're up for it, I'd like to invite you to see if you could write this up for Laravel Security Checker. We could even collaborate on it!

Things I find important in code:

  • Keep it DRY.
  • Adhere to the SOLID principles.
  • Don't commit code without proper tests.
  • Keep it backwards compatible and optional so that users can choose if they'd like to enable this additional feature.

Looking forward to seeing some work :-)

@tomheadifen
Copy link
Author

Awesome, Thanks Jorgin! I should be able to get started in the next couple of days. I'll send you an email once I get under way.

@jorijn jorijn added enhancement wish Not a bug, but interesting enough to let people vote on. and removed enhancement labels Mar 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
wish Not a bug, but interesting enough to let people vote on.
Projects
None yet
Development

No branches or pull requests

2 participants