
Consider removing Audit CI check

Open lukekarrys opened this issue 2 years ago • 1 comments

  • Dependabot opens PRs for actionable updates to audits
  • The audit check runs weekly, which would only produce additional audit failures that are not actionable

Open questions:

  • Should Audit be removed from PR checks as well?
    • Pros of having it: any new dependencies added in a PR will be checked for audits
    • Cons: since the weekly check is removed, a new PR could contain false positives even if they don't add any new dependencies. This would add noise to CI when reviewing PRs.

lukekarrys, Jul 17 '23 20:07

This CI check is no longer needed, not even in PRs. At the risk of putting the burden back on a human instead of an automated check, new dependency PRs should hopefully not be made if the install flags an audit warning.

wraithgar, Jan 19 '24 21:01