Add Snyk to app

So that our repos avoid exposure to security vunerabilities, Snyk will monitor them for us.
Financial-Times · May 28, 2019 · 3126d94 · 3126d94
1 parent 8050019
commit 3126d94
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -112,6 +112,7 @@ jobs:
       - run:
           name: shared-helper / npm-store-auth-token
           command: .circleci/shared-helpers/helper-npm-store-auth-token
+      - run: npx snyk monitor --org=customer-products --project-name=Financial-Times/n-es-client
       - run:
           name: shared-helper / npm-version-and-publish-public
           command: .circleci/shared-helpers/helper-npm-version-and-publish-public

diff --git a/.snyk b/.snyk
@@ -0,0 +1,4 @@
+# Snyk (https://snyk.io) policy file, which patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+patch: {}
diff --git a/package.json b/package.json
@@ -19,14 +19,16 @@
     "mocha": "^5.2.0",
     "nock": "^9.2.0",
     "nyc": "^11.8.0",
-    "sinon": "^5.0.0"
+    "sinon": "^5.0.0",
+    "snyk": "^1.167.2"
   },
   "engines": {
     "node": ">=6.0.0"
   },
   "scripts": {
     "precommit": "node_modules/.bin/secret-squirrel",
     "commitmsg": "node_modules/.bin/secret-squirrel-commitmsg",
-    "prepush": "make verify -j3"
+    "prepush": "make verify -j3",
+    "prepare": "npx snyk protect || npx snyk protect -d || true"
   }
 }