Skip to content

Integrate retire.js into GitHub Actions CI#56

Merged
568cats merged 7 commits into
mainfrom
tools/integrate_retirejs
Mar 19, 2026
Merged

Integrate retire.js into GitHub Actions CI#56
568cats merged 7 commits into
mainfrom
tools/integrate_retirejs

Conversation

@568cats
Copy link
Copy Markdown

@568cats 568cats commented Mar 19, 2026
edited
Loading

This PR integrates the Retire.js static analysis tool into the GitHub Actions CI. Information about retire.js and NodeBB can found here. .

Note: Currently, retire.js runs with --severity high. In the future, fix the medium and low severity issues, and change the command to just retire in order to identify all security risks.

@568cats
Copy link
Copy Markdown
Author

568cats commented Mar 19, 2026

Retire.js is integrated into the CI. However, it's currently failing certain checks (exit code 13). There are currently a couple libraries with severity=medium that are being caught by the tool. Do we want to customize to set it to only catch severity=high for now?

568cats added 2 commits March 19, 2026 18:00
@568cats
Retire.js fails only if high severity risks exist
525e026
@568cats
Remove grunt-contrib-watch to pass retire.js
5bcd172 
grunt-contrib-watch wasn't being used but was failing
retire.js, so uninstalled it.
@pebble-fish
Copy link
Copy Markdown

pebble-fish commented Mar 19, 2026

I looked through the code and everything seems logical. Code also seems to be passing all of the tests, feel free to push!

@568cats 568cats merged commit d7de36a into main Mar 19, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@568cats @pebble-fish