Setting Projects Up Using NPM

A quick guide to setting up your projects on reshift using NPM

Here is a quick guide to setting up your projects with NPM.

Add a project

1- By clicking on the "Add Project" card inside the Projects Home page.

2- By clicking on the "+" button towards the top right hand corner of every screen.

Next, choose your JavaScript project from the list.

Pro Tip: the repositories with the blue shield next to them are already set up.

Choose build approach

Next, you will be prompted to choose the projects setting, make sure to choose "NPM" from the "Build Approach".

Complete the configuration

You'll find:

  1. The NPM plugin install command: npm install -g @reshiftsecurity/reshift-plugin-npm

  2. Your Reshift scan command using the reshift token Reshift Token: reshift-scan -t {reshift token}

Note: if you want to exclude certain files/folders from your JavaScript scan add a `.reshiftignore` to your project root in git. This file works the same as `.gitignore`.

Build and run

Use the first command to install the NPM plugin. Next run your Reshift scan command.

Once completed, the results will automatically be sent to the server for analysis and your report will appear on your Reshift dashboard.

Ignoring code in scans

If you want to exclude certain files/folders from your JavaScript scan add a `.reshiftignore` to your project root in git. This file works the same as `.gitignore`.

To ignore a folder called build, your `.reshiftignore` file contents should look like:

build

To ignore any file that ends with -test.js, your `.reshiftignore` file contents should look like

*-test.js

For more information on .gitignore syntax, please visit the git documentation here: https://git-scm.com/docs/gitignore

If you have any more questions, please email us at info@reshiftsecurity.com!