projen 0.98.6 → 0.98.8

package/lib/javascript/node-project.d.ts

@@ -11,6 +11,35 @@ import { IgnoreFile, IgnoreFileOptions } from "../ignore-file";
 import { NpmConfig, Prettier, PrettierOptions, UpgradeDependencies, UpgradeDependenciesOptions } from "../javascript";
 import { Publisher, Release, ReleaseProjectOptions } from "../release";
 import { Task } from "../task";
+/**
+ * Options for security audit configuration.
+ */
+export interface AuditOptions {
+    /**
+     * Minimum vulnerability level to check for during audit.
+     * @default "high"
+     */
+    readonly level?: "low" | "moderate" | "high" | "critical";
+    /**
+     * Only audit production dependencies.
+     *
+     * When false, both production and development dependencies are audited.
+     * This is recommended as build dependencies can also contain security vulnerabilities.
+     *
+     * @default false
+     */
+    readonly prodOnly?: boolean;
+    /**
+     * When to run the audit task.
+     *
+     * - "build": Run during every build (default)
+     * - "release": Only run during release workflow
+     * - "manual": Create the task but don't run it automatically
+     *
+     * @default "build"
+     */
+    readonly runOn?: "build" | "release" | "manual";
+}
 export interface NodeProjectOptions extends GitHubProjectOptions, NodePackageOptions, ReleaseProjectOptions {
     /**
      * License copyright owner.
@@ -263,6 +292,21 @@ export interface NodeProjectOptions extends GitHubProjectOptions, NodePackageOpt
      * @default - default options
      */
     readonly biomeOptions?: BiomeOptions;
+    /**
+     * Run security audit on dependencies.
+     *
+     * When enabled, creates an "audit" task that checks for known security vulnerabilities
+     * in dependencies. By default, runs during every build and checks for "high" severity
+     * vulnerabilities or above in all dependencies (including dev dependencies).
+     *
+     * @default false
+     */
+    readonly auditDeps?: boolean;
+    /**
+     * Security audit options.
+     * @default - default options
+     */
+    readonly auditDepsOptions?: AuditOptions;
 }
 /**
  * Build workflow options for NodeProject
@@ -527,6 +571,26 @@ export declare class NodeProject extends GitHubProject {
      * The job ID of the build workflow.
      */
     get buildWorkflowJobId(): string | undefined;
+    /**
+     * Adds a security audit task.
+     */
+    private addAuditTask;
+    /**
+     * Gets the appropriate audit command for the package manager.
+     */
+    private getAuditCommand;
+    /**
+     * Gets the threshold value for yarn classic based on vulnerability level.
+     */
+    private getYarnClassicThreshold;
+    /**
+     * Gets the audit level flag for the package manager.
+     */
+    private getAuditLevelFlag;
+    /**
+     * Gets the production-only flag for the package manager.
+     */
+    private getAuditProdFlag;
 }
 /**
  * Options for `renderWorkflowSetup()`.