David Dias
@daviddias
@joeycozza it is a fact that we’ve been wanting to isolate the auditPackage functionality to its separate module
the thing is that it will involve a little bit more work than just stripping it out
because the ‘warning features’ when we ignore git dependencies are inside that module and they have to be pushed up
but heck, let’s get this moving forward
I’ve isolated the auditPackage functionality to nsp-audit-package https://github.com/nodesecurity/nsp-audit-package
it should get the job done for you (on npm https://www.npmjs.com/package/nsp-audit-package)
David Dias
@daviddias
I’ve already pinged other contributors to help me get this polished as soon as possible, also, feel welcome to close the issues :) https://github.com/nodesecurity/nsp-audit-package/issues
Joey Cozza
@joeycozza

@diasdavid So I have what I believe to be a working nsp-gulp plugin. Works great for package.json, and should work fine with shrinkwrap.json (I just need to do more testing).

This is my first time contributing to a project like this, so I don't really know the protocol on what to do with the source code. Do I put it on my github and publish it to npm, or just give you the source code and you take care of that, etc. If you could give me some guidance on what to do with the source code now that it is written, that would be great. Thanks.

Mike Taylor
@bear
@joeycozza david is currently at a conference - i’ll ping him about your question so he knows about it
Joey Cozza
@joeycozza
thanks
David Dias
@daviddias
@joeycozza this sounds great! thank you for the awesome work. Where can I find this module?
@joeycozza what I think would be best for interest in the community, is to have the repo respective for the plugin inside the nodesecurity org (I’ve just added you as a member) and then you can publish it to npm from your account as the module you built :)
I would love to check it first before it gets published, probably everything will be good right away. Happy to advertise it on our channels after.
@bear thank you for notifying me btw :)
Joey Cozza
@joeycozza
@diasdavid I have a private repo with the code. I added you as a collaborator so you can check it out and give me any feedback before we publish it on nodesecurity's github
Haven't written automated test cases for it yet, but the core functionality is there.
Joey Cozza
@joeycozza
Okay, I just put it on npm. I called it gulp-nsp.
Joey Cozza
@joeycozza
Sorry, I misread your message. I unpublished it from npm until you have a chance to look at it on my private repo.
David Dias
@daviddias
@joeycozza apologies for keeping you waiting, had a crazy last week
I’m not finding the repo anymore, have you changed its name as well?
cool, found it
David Dias
@daviddias
@joeycozza did a PR for you to check joeycozza/trialGulpNSP#1 :)
Also, change the repo to be called nsp-gulp , it is the real deal after all :)
Joey Cozza
@joeycozza
@diasdavid Thanks. I made some minor changes, changed the name to nsp-gulp, and fixed the tests.
I have no problem having the code under nodesecurity. Do I just transfer ownership to you (diasdavid) or to nodesecurity?
David Dias
@daviddias
to nodesecurity org itself :) , there should be an option on settings called “Transfer Ownership”
For publishing in npm, I’ve been using this tool - https://www.npmjs.com/package/npm-release , it automatically creates a tag with the version and publishes it
Joey Cozza
@joeycozza
@diasdavid it won't let me transfer ownership because I don't have admin rights on nodesecurity. Github suggests making a temporary and empty admin team for me to be added to so I can transfer the repo.
David Dias
@daviddias
oh, didn’t know of that restriction. done :)
@joeycozza ^^
Joey Cozza
@joeycozza
great. I transferred the repo, and published to NPM.
I think we are good to go with @diasdavid
*with it
David Dias
@daviddias
rad!
just tweeted and echoJSed it http://www.echojs.com/news/13724
Joey Cozza
@joeycozza
Awesome. This is pretty exciting for me. First time contributing to something like this.
David Dias
@daviddias
thank you for the contribution @joeycozza :) great to have you on board
David Dias
@daviddias

nsp-audit-package 0.2.0 released
https://www.npmjs.com/package/nsp-audit-package

Big props to @soarez for the contribution!!

@joeycozza it seems that the previous version was ignoring if there was more than 1 advisory for the same module, this version works fine on that scenario (example qs module). Can you look at nsp-gulp and update it?
Joey Cozza
@joeycozza
absolutely
Joey Cozza
@joeycozza
I looked into it, and my prettyOutput function doesn't output the advisories (similar to nodesecurity/nsp). So I updated the dependency, but nsp-gulp's output/tests don't really change at all.
David Dias
@daviddias
Ok, that’s cool, thank you for reviewing it so quickly
Joey Cozza
@joeycozza
While digging around, I did find a little bug in nsp-audit-package. Just logged an issue on github for it.
Zbyszek Tenerowicz
@naugtur
hey, what's the relation between nsp commandline tool and requireSafe commandline tool?
subset/superset functionally?
Ramu Chenchaiah
@RamuRChenchaiah
Hi all, I tried to use "nsp audit-shrinkwrap"
but it keeps asking for flags... (tried using --dev but no use), any tips would be appreciated.
Alex
@akras14
Hi all, if anybody is here. Is there a DB of some sorts that nsp checks in real time? We had some rules that used to pass now throw errors. The errors are valid, but just curious why it used to work before.
Adam Baldwin
@evilpacket
@akras14 the nsp client talks to an api that we run and manage. We're working hard on stability but sometimes it does hiccup.