Daniel Ruf
Daniel Ruf
> According to this the helper ends up being the name of the js file. Maybe I can do it by proxy? > Include the handlebars-helper in the helpers/myhelper.js file...
> Problem is like I said their helpers js files have multiple helpers in them. would I be able to do something like array.withSort if I got it to include...
What is the current state?
> There are a few ways we could go about this, but two of them are [Snyk](https://snyk.io/) and [npm-audit-ci](https://www.npmjs.com/package/npm-audit-ci) which would run through Travis. Not sure why the second package...
> @DanielRuf I'd also prefer not adding a new dependency for this but can `npm audit` exit with code 1 based on some criteria? Sure, `npm i npm@latest`, see https://github.com/npm/npm/issues/20593...
> @gretzky One thing to consider: Snyk provides free service for OS projects so it will work here but as soon as someone uses it for their own project, they'll...
> Seems like we would need to update our minimum npm version to 6.0.1 then? @gretzky How do you feel about that? You can do that on CI with postinstall...
To be exact, active LTS are 6, 8 and 10 ;-)
LTS releases probably already ship with 6.0+ but so far updating / upgrading npm is highly recommended.
The yellow banner is an old feature. Only dependabot is really new. Does their status page show issues?