Rules list

Rules based on priority

The following rules are based on priority levels:
  • block_priority_critical: Blocks verdicts with a priority level of "critical".
  • ignore_priority_medium: Ignores verdicts with a priority level of "medium".
  • block_priority_low: Blocks verdicts with a priority level of "low".

Rules based on activity

The following rules are based on the behavioural activity triggered by dependencies at install time:
  • block_network_connection: Blocks verdicts with the message "unexpected outbound connection destination".
  • ignore_network_connection: Ignores verdicts with the message "unexpected outbound connection destination".
  • block_process_spawn: Blocks verdicts with the message "npm install spawned a process".
  • ignore_process_spawn: Ignores verdicts with the message "npm install spawned a process".
  • ignore_node_gyp_execution: Ignores verdicts where the command line contains the execution of "node-gyp".

Custom rules

In addition to the pre-defined set of rules for common use cases, you can also create custom rules based on specific criteria:
  • ignore_specific_package_and_version: Ignores verdicts for the specified package name and version. For example, setting the query in the rule expression to query: .[] | select(.name == "lodash" and .version == "4.0.0") would apply the rule to lodash@4.0.0, with the outcome depending on the behavior specified within the rule.

List of pre-defined rules

Below is the complete list of rules used in rules.yml:

rules:
  # based on priority levels
  - name: block_priority_medium
    query: .[] | select(.verdicts[]?.priority == "medium")
  - name: ignore_priority_medium
    query: .[] | select(.verdicts[]?.priority == "medium")
    behavior: ignore
  - name: block_priority_critical
    query: .[] | select(.verdicts[]?.priority == "critical")
  # based on activity
  - name: block_network_connection
    query: .[] | .verdicts[]? | select(.message == "unexpected outbound connection destination")
  - name: ignore_network_connection
    query: .[] | .verdicts[] | select(.message == "unexpected outbound connection destination")
    behavior: ignore
  - name: block_process_spawn
    query: .[] | .verdicts[]? | select(.message == "npm install spawned a process")
  - name: ignore_process_spawn
    query: .[] | .verdicts[]? | select(.message == "npm install spawned a process")
    behavior: ignore
  # based on specified commands (replace commandline with specified condition)
  - name: ignore_node_gyp_execution
    query: .[] | .verdicts[]? | select(.metadata.commandline | contains("node-gyp"))
    behavior: ignore
  - name: block_node_gyp_execution
    query: .[] | .verdicts[]? | select(.metadata.commandline | contains("node-gyp"))
  # based on specified packages (replace package name and version with desired condition)
  - name: ignore_specific_package_and_version
    query: .[] | select(.name == "<package-name>" and .version == "<package-version>")
    behavior: ignore
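
A dry run of four of the rules above, added here as an example and not part of Garnet Labs' tooling: Python predicates stand in for the jq queries so that overlapping block and ignore rules can be spotted before they are enforced. The report shape, the example-* package names and the treatment of a missing behavior key as "block" are assumptions.

```python
import json

# Constructed sample report; its shape is inferred from the rules.yml queries (assumption).
REPORT = json.loads("""[
  {"name": "lodash", "version": "4.0.0"},
  {"name": "example-native-addon", "version": "1.2.3", "verdicts": [
    {"priority": "medium", "message": "npm install spawned a process",
     "metadata": {"commandline": "node-gyp rebuild"}}]},
  {"name": "example-pkg", "version": "0.0.1", "verdicts": [
    {"priority": "critical", "message": "unexpected outbound connection destination"}]}
]""")

def any_verdict(check):
    # Mirrors `.[] | .verdicts[]? | select(...)`: no "verdicts" key, no match.
    return lambda pkg: any(check(v) for v in pkg.get("verdicts") or [])

def field_is(field, value):
    return any_verdict(lambda v: v.get(field) == value)

def commandline_contains(needle):
    return any_verdict(
        lambda v: needle in (v.get("metadata") or {}).get("commandline", ""))

# (name, predicate, behavior); a rule with no `behavior` key is treated as "block" (assumption).
RULES = [
    ("block_priority_critical", field_is("priority", "critical"), "block"),
    ("block_network_connection",
     field_is("message", "unexpected outbound connection destination"), "block"),
    ("block_process_spawn", field_is("message", "npm install spawned a process"), "block"),
    ("ignore_node_gyp_execution", commandline_contains("node-gyp"), "ignore"),
]

def evaluate(report, rules):
    # Map "name@version" to the matching rule names, split by behavior.
    result = {}
    for pkg in report:
        hits = {"block": [], "ignore": []}
        for name, predicate, behavior in rules:
            if predicate(pkg):
                hits[behavior].append(name)
        result[f'{pkg["name"]}@{pkg["version"]}'] = hits
    return result

def overlaps(result):
    # Packages matched by both a block rule and an ignore rule.
    return sorted(k for k, h in result.items() if h["block"] and h["ignore"])

if __name__ == "__main__":
    print(json.dumps(evaluate(REPORT, RULES), indent=2))
```

In the constructed report, the node-gyp build matches both block_process_spawn and ignore_node_gyp_execution, which is the kind of overlap to review before enabling both rules.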
© 2023 Garnet Labs