A small NPM to showcase JFrog's Curation Capabilities
tomjfrog/curation-demo
# Curation Demo

## The App

This is just a basic Node/Express application generated by IntelliJ's project generator. Nothing fancy here.

## The Curation Setup

### In Curation JPD

1. Create a local, remote, and virtual repository for NPM.
2. In Curation Settings -> Curated Repositories, add the remote repository from step 1 to the list of curated repositories.
3. Create a Curation Policy for NPM:
   1. Give the policy an arbitrary name.
   2. Set the condition to "CVE with CVSS score of 9 or above (fix version available)".
   3. Set the action to "Block".
   4. Set a notification email address.

### In A Local Terminal

1. Ensure JF CLI is installed and configured to point to your JF instance with Curation enabled:

   ```shell
   jf c add
   ```

2. Configure the local NPM client to point to your JF instance with Curation enabled:

   ```text
   jf npmc
   > Resolve dependencies from Artifactory? (y/n) [y]? y
   > Set Artifactory server ID <some-artifactory-instance>: 
   > Set repository for dependencies resolution (press Tab for options): <a curated NPM remote proxy repository>
   > Deploy project artifacts to Artifactory? (y/n) [y]? y
   > Set Artifactory server ID <some-artifactory-instance>: 
   > Set repository for artifacts deployment (press Tab for options): <some local or virtual NPM Repo in Target JPD>
   > 12:42:28 [🔵Info] npm build config successfully created.
   ```

3. Remove `node_modules` and `package-lock.json` so that the next step performs a fresh install (a cached lockfile or module tree would bypass resolution through the curated repository):

   ```shell
   rm -rf node_modules && rm package-lock.json
   ```

4. Install the project's NPM dependencies through JF CLI:

   ```shell
   jf npm install
   ```

As long as you have added a package that will trigger a Curation policy violation, you should see output like the following (the blocked tarball is refused with HTTP 403 by the curated remote repository):

```text
08:41:15 [🚨Error] couldn't run npm install: npm WARN deprecated [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://soleng.jfrog.io/artifactory/api/npm/tomj-curation-npm/protobufjs/-/protobufjs-6.11.2.tgz
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/tomj/.npm/_logs/2023-09-18T13_41_01_290Z-debug-0.log
```
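In a CI pipeline the raw npm log above is easy to miss, so it helps to turn the 403 lines into an explicit list of blocked packages and a non-zero exit status. The script below is an added example and is not part of the tomjfrog/curation-demo repository or of JF CLI; the function names (`blocked_packages`, `blocked_count`, `check_install_log`) are hypothetical, and `SAMPLE_LOG` is a constructed, abridged copy of the output shown in this README. It only parses text; it assumes the tarball URL shape `<name>/-/<name>-<version>.tgz` that the README's 403 line shows.

```shell
#!/bin/sh
# Added example (not from the curation-demo repo): post-process the output of
# `jf npm install` and list the packages that Curation refused with HTTP 403,
# so a CI step can fail with a precise message instead of a raw npm log.

# Constructed sample, abridged from the 403 output shown in the README.
SAMPLE_LOG='08:41:15 [Error] could not run npm install: npm WARN deprecated core-js@2.6.12
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://soleng.jfrog.io/artifactory/api/npm/tomj-curation-npm/protobufjs/-/protobufjs-6.11.2.tgz
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.'

# blocked_packages: read npm output on stdin, print one "name@version" line per
# tarball that was refused with 403. The tarball path is <name>/-/<name>-<version>.tgz;
# scoped packages (@scope/name) are reported without their scope prefix.
blocked_packages() {
    grep -E '^npm ERR! 403 .*Forbidden - GET https?://' \
        | sed -E 's#.*/([^/]+)/-/[^/]+-([0-9][^/]*)\.tgz.*#\1@\2#' \
        | sort -u
}

# blocked_count: number of distinct blocked packages in the log on stdin.
blocked_count() {
    blocked_packages | wc -l | tr -d ' '
}

# check_install_log: print the blocked list on stderr and return 1 if anything
# was blocked, 0 otherwise.
# Usage: jf npm install 2>&1 | tee install.log; check_install_log < install.log
check_install_log() {
    blocked=$(blocked_packages)
    if [ -n "$blocked" ]; then
        echo "Curation blocked the following packages:" >&2
        echo "$blocked" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample: reports protobufjs@6.11.2 and fails.
if printf '%s\n' "$SAMPLE_LOG" | check_install_log; then
    echo "no curation blocks found"
else
    echo "install blocked by curation policy"
fi
```

The regex keys on the `Forbidden - GET <tarball URL>` line rather than on `code E403` alone, because a 403 can also come from an authentication problem on a repository you lack access to (as the npm message itself notes); the listed package names let you tell the two apart quickly and match them against the policy's notification email.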
