Grunt / Gulp Integrations & CLI Exceptions

It’s been an exciting couple of weeks. First we launched the new CLI, then we integrated with Code Climate, and now we are shipping a couple more integrations and a new, much-requested enterprise feature: exceptions.

Grunt & Gulp

We know not everyone uses the same tools for their dev/CI process, so the CLI might not be enough for you. To help make requireSafe accessible to everyone we’ve released grunt-requiresafe and gulp-requiresafe.

Additionally, with the release of these integrations we are now at feature parity with the Node Security Project tooling. If you are currently using the Node Security Project tools, specifically grunt-nsp-package, grunt-nsp-shrinkwrap or gulp-nsp, we highly suggest you migrate to these new requireSafe integrations.

This is an important step in a long journey to make these tools more performant, stable and maintainable. We’ll talk more about this transition soon.

Integration documentation to help with migration can be found here:

- grunt-requiresafe
- gulp-requiresafe

Command Line Exceptions

The requireSafe CLI now supports adding exceptions.

Exceptions are advisories that you have evaluated and either acknowledged as an acceptable risk or have a plan in place to address, and that you don’t want requireSafe to break the build over.

In order to leverage this capability, create a .requiresaferc file in the root of your project with content like the following:

  { "exceptions": [""] }

The URLs used in the array should match the advisory link that the CLI reports. With this in place, you will no longer receive warnings about any advisories in the exceptions array.

Be careful using this feature. If you add code later that is impacted by an excluded advisory, requireSafe has no way of knowing. Keep a careful eye on your exceptions.
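One way to keep that eye on your exceptions, shown as an added example that is not requireSafe's own code: it models the exact-link matching described above and lists exceptions that no longer match anything reported, so they can be pruned before they hide a dependency added later. It assumes the .requiresaferc file is JSON; the advisory URLs and the shape of the `findings` objects are constructed placeholders, not real CLI output.

```javascript
// Added example: models the exception matching described in this post.
// Not requireSafe's implementation; finding shape and URLs are constructed.

// Constructed .requiresaferc content (advisory URLs are placeholders).
const rcText = `{
  "exceptions": [
    "https://advisories.example.invalid/advisories/1",
    "https://advisories.example.invalid/advisories/7",
    ""
  ]
}`;

// Constructed findings, standing in for what the CLI reports for a project.
const findings = [
  { module: 'module-a', advisory: 'https://advisories.example.invalid/advisories/1' },
  { module: 'module-b', advisory: 'https://advisories.example.invalid/advisories/2' },
];

// Parse the rc text and split entries into usable URLs and entries that can never match.
function loadExceptions(text) {
  const rc = JSON.parse(text); // throws on malformed JSON
  const list = rc.exceptions === undefined ? [] : rc.exceptions;
  if (!Array.isArray(list)) throw new TypeError('"exceptions" must be an array');
  const valid = [];
  const invalid = [];
  for (const entry of list) {
    const ok = typeof entry === 'string' && /^https?:\/\/\S+$/.test(entry);
    (ok ? valid : invalid).push(entry);
  }
  return { valid, invalid };
}

// Compare the exceptions with the reported advisory links (exact string match).
function reviewExceptions(text, reported) {
  const { valid, invalid } = loadExceptions(text);
  const accepted = new Set(valid);
  const reportedLinks = new Set(reported.map((f) => f.advisory));
  return {
    failing: reported.filter((f) => !accepted.has(f.advisory)),    // still break the build
    suppressed: reported.filter((f) => accepted.has(f.advisory)),  // accepted risk, re-review
    stale: valid.filter((url) => !reportedLinks.has(url)),         // matches nothing today: prune
    invalid,                                                        // empty or malformed entries
  };
}

const result = reviewExceptions(rcText, findings);
console.log(JSON.stringify(result, null, 2));
```

Running a check like this in CI alongside the scan turns a forgotten exception into a visible review item instead of a silent suppression.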
