fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:string:20170907 Latest report for sobolevn/awesome-cryptography: https://snyk.io/test/github/sobolevn/awesome-cryptography
7 years ago · 9aee770fd4
parent 26f220f4ab
commit 9aee770fd4
2 changed files with 16 additions and 3 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.8.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:string:20170907':
+    - remark-lint-are-links-valid-alive > broken-link-checker > bhttp > string:
+        reason: None given
+        expires: '2017-12-16T20:29:28.612Z'
+patch: {}
--- a/package.json
+++ b/package.json
@ -4,7 +4,9 @@
  "description": "A curated list of cryptography resources and links.",
  "main": "index.js",
  "scripts": {
-    "test": "remark README.md CONTRIBUTING.md -f"
+    "test": "remark README.md CONTRIBUTING.md -f",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
  },
  "repository": {
    "type": "git",
@ -28,7 +30,8 @@
    "remark-lint-alphabetize-lists": "^2.0.0",
    "remark-lint-are-links-valid-alive": "^0.2.1",
    "remark-lint-are-links-valid-duplicate": "^0.2.1",
-    "remark-preset-lint-recommended": "^3.0.0"
+    "remark-preset-lint-recommended": "^3.0.0",
+    "snyk": "^1.49.3"
  },
  "remarkConfig": {
    "plugins": [
@ -44,5 +47,6 @@
    "settings": {
      "commonmark": true
    }
-  }
+  },
+  "snyk": true
 }