diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..8225a18 --- /dev/null +++ b/.snyk @@ -0,0 +1,20 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - archiver > lodash: + patched: '2019-07-04T01:22:42.563Z' + - inquirer > lodash: + patched: '2019-07-04T01:22:42.563Z' + - archiver > archiver-utils > lodash: + patched: '2019-07-04T01:22:42.563Z' + - archiver > async > lodash: + patched: '2019-07-04T01:22:42.563Z' + - archiver > zip-stream > lodash: + patched: '2019-07-04T01:22:42.563Z' + - request-promise-native > request-promise-core > lodash: + patched: '2019-07-04T01:22:42.563Z' + - archiver > zip-stream > archiver-utils > lodash: + patched: '2019-07-04T01:22:42.563Z' diff --git a/package.json b/package.json index ca70dbe..d78cd73 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,8 @@ "open": "0.0.5", "request": "2.76.0", "request-promise-native": "1.0.3", - "underscore": "^1.8.3" + "underscore": "^1.8.3", + "snyk": "^1.189.0" }, "engines": { "node": ">=4.0" @@ -40,6 +41,9 @@ }, "scripts": { "test": "NODE_ENV=test ./node_modules/mocha/bin/mocha --recursive --require babel-register", - "start": "node clay-cli.js" - } + "start": "node clay-cli.js", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }