diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..dc7983c16
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,26 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - socket.io > debug:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > engine.io > debug:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > socket.io-client > debug:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > socket.io-client > engine.io-client > debug:
+ patched: '2020-11-12T22:28:56.297Z'
+ 'npm:ms:20151024':
+ - socket.io > debug > ms:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > engine.io > debug > ms:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > socket.io-client > debug > ms:
+ patched: '2020-11-12T22:28:56.297Z'
+ - socket.io > socket.io-client > engine.io-client > debug > ms:
+ patched: '2020-11-12T22:28:56.297Z'
+ 'npm:negotiator:20160616':
+ - socket.io > engine.io > accepts > negotiator:
+ patched: '2020-11-12T22:28:56.297Z'
diff --git a/package.json b/package.json
index 8d3a4e7d2..858cb95db 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,9 @@
 "start": "node bin/start.js",
 "test": "NODE_ENV=test mocha -R spec --recursive",
 "coverage": "NODE_ENV=test istanbul cover _mocha -- --recursive",
- "libbitcoind": "node bin/start-libbitcoind.js"
+ "libbitcoind": "node bin/start-libbitcoind.js",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "tags": [
 "bitcoin",
@@ -63,7 +65,8 @@
 "npm": "^2.14.1",
 "semver": "^5.0.1",
 "socket.io": "bitpay/socket.io#bitpay-1.3.7",
- "socket.io-client": "bitpay/socket.io-client#bitpay-1.3.7"
+ "socket.io-client": "bitpay/socket.io-client#bitpay-1.3.7",
+ "snyk": "^1.425.3"
 },
 "devDependencies": {
 "aws-sdk": "~2.0.0-rc.15",
@@ -88,5 +91,6 @@
 "x64",
 "arm"
 ],
- "license": "MIT"
+ "license": "MIT",
+ "snyk": true
 }
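Review bot: Every patch path in the new `.snyk` policy starts at `socket.io >`, yet the `dependencies` hunk of package.json also lists `socket.io-client` as a direct dependency from the same fork. Depending on how npm lays out the tree, the `debug` and `ms` copies under the direct `socket.io-client` may therefore stay unpatched. Run `snyk test` on a fresh install and, if it reports those paths, add entries such as `- socket.io-client > debug:` under `'npm:debug:20170905'` and the matching `ms` path under `'npm:ms:20151024'`. These are install-time patches to `node_modules`, so the durable fix is still to raise `debug`, `ms` and `negotiator` in the forked socket.io packages.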
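Review bot: The `"prepublish": "npm run snyk-protect"` hook in the scripts hunk of package.json only patches the `node_modules` tree of the checkout where it runs. Consumers who install this package from the registry resolve their own copies of `debug`, `ms` and `negotiator`, and this hook does not run for them, so they receive none of the patches. `prepublish` is also deprecated in current npm releases; if the aim is to patch on local install, `"prepare": "npm run snyk-protect"` is the documented replacement. The README should say that the patches cover local checkouts and deployments only, so nobody treats the published package as remediated.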
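Review bot: In the `dependencies` hunk of package.json, `"snyk": "^1.425.3"` makes every consumer install the Snyk CLI and its transitive tree as a runtime dependency, and the caret lets that tree change without review. That adds supply-chain surface to a package whose only use of the tool is a maintainer-side hook. The caret also admits later 1.x releases, where the `protect` command may no longer be part of the CLI (it appears to have moved to a separate `@snyk/protect` package), which would break the `snyk-protect` script. Pin it exactly, `"snyk": "1.425.3"`, and move it to `devDependencies` unless production installs must run the hook.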