fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:marked:20170112 The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:ms:20170412 Latest report for snyk/snyk-to-html: https://snyk.io/test/github/snyk/snyk-to-html
snyk · May 16, 2017 · 875363e · 875363e
1 parent 70b6357
commit 875363e
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,52 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:ms:20170412':
+    - snyk > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.527Z'
+    - snyk > snyk-config > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.527Z'
+    - snyk > snyk-module > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.527Z'
+    - snyk > snyk-policy > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.527Z'
+    - snyk > snyk-resolve > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.584Z'
+    - snyk > snyk-resolve-deps > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.584Z'
+    - snyk > snyk-try-require > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-policy > snyk-module > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-policy > snyk-resolve > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-resolve-deps > snyk-resolve > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-policy > snyk-try-require > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-resolve-deps > snyk-try-require > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.585Z'
+    - snyk > snyk-resolve-deps > clite > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.586Z'
+    - snyk > snyk-resolve-deps > snyk-module > debug > ms:
+        reason: None given
+        expires: '2017-06-15T18:12:58.586Z'
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:marked:20170112':
+    - marked:
+        patched: '2017-05-16T18:12:58.587Z'
diff --git a/package.json b/package.json
@@ -5,20 +5,23 @@
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "report": "node hbs.js > output/test-report.html && open output/test-report.html"
+    "report": "node hbs.js > output/test-report.html && open output/test-report.html",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
     "handlebars": "^4.0.8",
     "marked": "^0.3.6",
     "moment": "^2.18.1",
-    "snyk": "^1.30.0"
+    "snyk": "^1.30.1"
   },
   "devDependencies": {
     "minimist": "^1.2.0"
   },
   "bin": {
     "snyk-to-html": "./snyk-to-html.js"
-  }
+  },
+  "snyk": true
 }