s/safety/snyk/

.github/workflows/audit.yml

@@ -19,12 +19,4 @@ jobs:
     - run: "wget https://go.dev/dl/go1.23.0.linux-amd64.tar.gz"
     - run: "sudo tar -C /usr/local -xzf go1.23.0.linux-amd64.tar.gz"
     - run: "./install"
-    #
-    # Debian-based Ubuntu GitHub Actions base OS is
-    # expected to present unresolvable CVE's.
-    #
-    # Disabling (GitHub Actions Hosted) safety runner step for now.
-    # Care when merging pull requests.
-    # In any case, all CI/CD jobs can be peformed locally.
-    #
-    # - run: "./build audit"
+    - run: "./build audit"

.tool-versions

@@ -1,2 +1,3 @@
 golang 1.23.0
+nodejs 20.10.0
 python 3.12.1

README.md

@@ -49,6 +49,7 @@ It is provided with the base macOS operating system. Equivalent aliases for `ope
 * [ShellCheck](https://www.shellcheck.net/) 0.8.0+
 * [Go](https://go.dev/) 1.23.0+
 * [kirill](https://github.com/mcandre/kirill) 0.0.1
+* [Node.js](https://nodejs.org/en/) 20.10.0+
 * [Python](https://www.python.org/) 3.12.1+
 * Provision additional dev tools with `./install`
 

build

@@ -5,7 +5,7 @@ set -euf
 DEFAULT_TASK='lint'
 
 audit() {
-    safety
+    snyk
 }
 
 lint() {
@@ -32,10 +32,6 @@ kirill() {
         xargs -0 -n 1 -t jq -r input_filename
 }
 
-safety() {
-    command safety check
-}
-
 shellcheck() {
     stank -print0 -exInterp zsh . |
         xargs -0 -n 1 shellcheck
@@ -51,6 +47,10 @@ slick() {
         xargs -0 -n 1 slick
 }
 
+snyk() {
+    command snyk test
+}
+
 yamllint() {
     command yamllint -s .yamllint .
 }

install

@@ -7,5 +7,7 @@ go install github.com/mcandre/stank/[email protected]
 go install mvdan.cc/sh/v3/cmd/[email protected]
 go mod tidy
 
+npm install -g snyk
+
 pip3 install --upgrade pip setuptools
 pip3 install -r requirements-dev.txt

requirements-dev.txt

@@ -1,3 +1,2 @@
 bashate>=2.1.1,<3.0
-safety
 yamllint>=1.11.1,<2.0