WIP: Install dependencies in build job (!48) · Merge requests · GitLab.org / security-products / Tests / js-npm

Fabien Catteau requested to merge build-npm-install into no_dind-FREEZE Feb 27, 2020

Install dependencies in build job, and pass the node_modules directory as a job artifact.

The retire-js-dependency_scanning scanner scans the node_modules it's given and doesn't run npm install. As a consequence, the vulnerabilities are reported for files of the node_modules directory, and not for package.json.

Do not merge! This is an experiment. See gitlab-org/gitlab#13477 (comment 290831965)

Edited Apr 21, 2023 by 🤖 GitLab Bot 🤖

WIP: Install dependencies in build job

Merge request reports