From cf7ce65b36f33b58bdc6b67bf615821499e72d38 Mon Sep 17 00:00:00 2001
From: Baptiste Mathus <batmat@batmat.net>
Date: Sun, 21 Oct 2018 15:39:05 +0200
Subject: [PATCH] Add task for running 'npm audit fix' for both client and
 backend sides

---
 Makefile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index 3cab4eb..669bb5a 100644
--- a/Makefile
+++ b/Makefile
@@ -27,3 +27,11 @@ update-package-locks:
 	sed -i 's/"resolved": "http:/"resolved": "https:/g' package-lock.json && \
 	cd ../distribution/client && $(NODE) npm install && \
 	sed -i 's/"resolved": "http:/"resolved": "https:/g' package-lock.json
+
+npm-audit-fix:
+	# Sigh, the sed for forcing https below is recommended by the npm registry team itself...
+	# https://npm.community/t/some-packages-have-dist-tarball-as-http-and-not-https/285/13
+	cd services/ &&	$(NODE) npm audit fix && \
+	sed -i 's/"resolved": "http:/"resolved": "https:/g' package-lock.json && \
+	cd ../distribution/client && $(NODE) npm audit fix && \
+	sed -i 's/"resolved": "http:/"resolved": "https:/g' package-lock.json