Product Documentation
Product Documentation
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Visual Studio Code
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Why might my scan be failing?
Can’t load code snippets?
Clean security report?
Account Settings
Permissions
Project Settings
Project Tokens
Security Gates
Reporting
Powered by GitBook

Setting Projects Up Using NPM

A quick guide to setting up your projects on reshift using NPM

Here is a quick guide to setting up your projects with NPM.

Add a project

1- By clicking on the "Add Project" card inside the Projects Home page.

2- By clicking on the "+" button towards the top right hand corner of every screen.

Next, choose your JavaScript project from the list.

Pro Tip: the repositories with the blue shield next to them are already set up.

Run a Quick Scan or Build Using NPM

You can run a quick scan to automatically scan your latest JavaScript project.

Or you can build using the NPM plugin.

Complete the configuration

You'll find:

  1. The NPM plugin install command: npm install -g @reshiftsecurity/reshift-plugin-npm

  2. Your Reshift scan command using the reshift token Reshift Token: reshift-scan -t {reshift token}

Note: if you want to exclude certain files/folders from your JavaScript scan add a `.reshiftignore` to your project root in git. This file works the same as `.gitignore`.

Build and run

Use the first command to install the NPM plugin. Next run your Reshift scan command.

Once completed, the results will automatically be sent to the server for analysis and your report will appear on your Reshift dashboard.

​

Ignoring code in scans

If you want to exclude certain files/folders from your JavaScript scan add a `.reshiftignore` to your project root in git. This file works the same as `.gitignore`.

To ignore a folder called build, your `.reshiftignore` file contents should look like:

build

To ignore any file that ends with -test.js, your `.reshiftignore` file contents should look like

*-test.js

For more information on .gitignore syntax, please visit the git documentation here: https://git-scm.com/docs/gitignore​

If you have any more questions, please email us at [email protected]!

Getting Started - Previous
Granting Reshift GitHub Organization Access After Signing up
Next - Integrations
GitHub Actions [JavaScript]
Last updated 3 months ago
Contents
Add a project
Run a Quick Scan or Build Using NPM
Complete the configuration
Build and run
Ignoring code in scans