This package creates an issue in Gitea if it detects npm security vulnerabilities. It is designed to be integrated into a CI workflow, using cron jobs to check for vulnerabilities on a regular basis.
npm i -g npm-audit-to-issue
To interactively generate an environment variable:
Once the environment variable is set, the same command will audit the npm package in the current directory, and create and maintain an issue accordingly.
Example CI script
The following commands can be used with an Alpine Docker image. They assume that the NPM_AUDIT_TO_ISSUE environment variable is set.
apk add nodejs npm
npm config set unsafe-perm true
npm install --global npm-audit-to-issue
npm-audit-to-issue