✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.
jescalada
left a comment
@gonuguntlakavya Thanks for the contribution!
Looks good so far, just a few comments on the implementation.
| }, | ||
| "dependencies": { | ||
| "@finos/check-dependency-vulnerabilities": "file:plugins/check-dependency-vulnerabilities/finos-check-dependency-vulnerabilities-0.1.0-alpha.0.tgz", | ||
| "@finos/git-proxy-plugin-samples": "file:plugins/git-proxy-plugin-samples/finos-git-proxy-plugin-samples-0.1.0.tgz", |
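Review bot: both `file:` entries in this `dependencies` block point at packed `.tgz` archives under `plugins/`, so the code that would actually be installed cannot be read in the diff and can drift from the plugin source it was built from. If a local reference is needed at all, point it at the plugin directory rather than a checked-in tarball, and avoid making a `0.1.0-alpha.0` build a hard dependency.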
I don't think we should use references to the filesystem in package.json. As shown in the plugin docs, we can add the plugin filename to the plugins config instead.
| "proxyUrl": { "type": "string" }, | ||
| "cookieSecret": { "type": "string" }, | ||
| "sessionMaxAgeHours": { "type": "number" }, | ||
| "dependencyVulnThreshold": { "type": "string" }, |
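Review bot: `dependencyVulnThreshold` is declared as a bare `{ "type": "string" }`, so the schema accepts any value. Constrain it with an `enum` (or a `pattern`) listing the thresholds the plugin understands, so an unrecognised value fails config validation instead of being passed through to the check.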
This should be an entry within plugins, not a top-level config entry.
This should probably be moved to plugins/git-proxy-sample-plugins since we don't necessarily want to include it in the base GitProxy setup.
| "exports": { | ||
| ".": "./checkDependencyVuln.js" | ||
| }, | ||
| "dependencies": { |
dependency-check should be added to the plugin dependencies, rather than the parent repo since the library won't be used outside the plugin.
Would be great to run this through an LLM for fixing typos 👍🏼
A plugin that uses dependency checker to check for the usage of vulnerable dependencies in git pushes.
This PR is being submitted as part of the Citi FINOS hackathon.