Dependency vulnerability check for meteor application


#1

Hello,

I have a Meteor application that is built using meteor build, and then the bundle should be deployed. In case I need to run a dependency vulnerability check using nsp/snyk, do I need to run it before building the application, or will running the scan against the bundle be enough?

Will it make any difference if I run the scan against the Meteor application before the build and after the build?

Thanks


#2

nsp/snyk will check only for vulnerabilities in npm packages. You should run the scan before you bundle the application. These checkers work by comparing the versions in your package.json against their vulnerability database (in addition to any recorded local patches). The check should be part of your tests.
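
The version-matching step described in #2, as an added example that is not part of the thread and not nsp's or snyk's own code. Package names, advisory ids and versions are constructed, and the functions `parseExact`, `compareVersions`, `scan` and `shouldFailBuild` are hypothetical; it assumes plain `MAJOR.MINOR.PATCH` versions and reports range specifiers as unresolved, since the installed version cannot be known from the manifest alone.

```javascript
// Constructed sample: "dependencies" from a Meteor app's package.json (hypothetical names).
const packageJson = {
  dependencies: {
    "example-markdown": "1.2.3",
    "example-http": "^2.0.1",
    "example-utils": "4.17.21",
    "example-logger": "0.9.0"
  }
};

// Constructed advisory database; ids and fixed versions are made up.
const advisories = [
  { id: "EXAMPLE-0001", name: "example-markdown", fixedIn: "1.2.5" },
  { id: "EXAMPLE-0002", name: "example-http", fixedIn: "2.1.0" },
  { id: "EXAMPLE-0003", name: "example-utils", fixedIn: "4.17.19" }
];

// Parse "MAJOR.MINOR.PATCH" into numbers; returns null for ranges, tags or URLs.
function parseExact(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Match every declared dependency against the advisories for that package name.
function scan(manifest, db) {
  const findings = [];
  for (const [name, spec] of Object.entries(manifest.dependencies || {})) {
    const declared = parseExact(spec);
    for (const adv of db.filter((a) => a.name === name)) {
      if (declared === null) {
        findings.push({ name, spec, id: adv.id, status: "unresolved" });
      } else if (compareVersions(declared, parseExact(adv.fixedIn)) < 0) {
        findings.push({ name, spec, id: adv.id, status: "vulnerable" });
      }
    }
  }
  return findings;
}

// A test step run before the build would fail when this returns true.
const shouldFailBuild = (findings) => findings.length > 0;
for (const f of scan(packageJson, advisories)) console.log(`${f.status}: ${f.name}@${f.spec} (${f.id})`);
```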