The actual whitesource NPM library has some opportunities for improvement. We've wrapped it up here to realise those opportunities and stop that extra code leaking into all our projects.
How to use actually?
npm install --save-dev @financial-times/di2-whitesource
Then in your Makefile
deploy-prod task add
whitesource --prod, and
whitesource to your
(Note: it's recommended to add the
whitesource --prod tasks before the deploy has happened so that bad code never hits production.)
It is also recommended to add the following line to your
The following command runs whitesource with the given product name:-
whitesource "My Really Cool Product"
The following command runs whitesource with the given product name and adds
-prod as a suffix to the project name:-
whitesource "My Really Cool Product" --prod
Add the following option to get whitesource to also check development dependencies (default is just to check production dependencies)
Won't I need some kind of API key?
Yes, you will. It's in LastPass and it's called