Fix node version & lock down npm version

The intention behind the version of node in the
engines property was for that version to be the
minimum required so it was always missing the `>=`
prefix.

This adds that prefix and also adds a setting for
npm, to prevent use of insecure versions. See this
article for details:

https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
Tom Byers
2021-09-14 20:52:02 +01:00
parent 55287e944d
commit aeaa96124c

@@ -3,7 +3,8 @@
"version": "0.0.1",
"description": "Admin front end for GOV.UK Notify",
"engines": {
"node": "10.15.3"
"node": ">=10.15.3",
"npm": "6.14.15 || >= 7.21.0"
},
"scripts": {
"test": "gulp lint && jest --config tests/javascripts/jest.config.js tests/javascripts",