What is meant by checking that the project is "secure" is checking dependencies against known security issues. While this is useful, this is completely different from what is advertised (I've expected some sort of a heuristic security anti-pattern detector).
> I don't want to create/edit a new make/grunt/gulp file or whatever hype dev use these days.<p>Make is from 1977, and is pretty rare for web developers. gulp was designed as a grunt replacement, anyone familiar with the former can learn the latter.<p>I love jslint, I love checking for insecure npm modules, and the other things this module provides seem good too, but having a build system doesn't preclude any of those.
Interesting library – I ran it on one of my projects which consists of JS compiled from literate coffeescript. The JS also has also been run through browserify and uglify.<p>My code is tested using mocha (albeit lightly), passes lint tests and seems to have no issues pre or post compiling, however when I run check-build I receive 28 errors and 25 warnings.<p>Here is a sample of check-build's output:<p><pre><code> line 4 col 448 Line is too long.
line 4 col 22 Missing "use strict" statement.
line 4 col 80 Expected '===' and instead saw '=='.
line 4 col 99 Missing "use strict" statement.
line 4 col 109 Expected '{' and instead saw 'return'.
line 4 col 123 Missing "use strict" statement.
line 4 col 124 Missing "use strict" statement.
</code></pre>
This seems to be directly related to using uglify – my guess is that I need to tweak the config file to fit my stack (I'm using the default example).<p>edit - I already changed the config to match my directory structure and am running check-build on the compiled JS.