@@ -1040,6 +1040,38 @@ re-calculated when you expect it to, you can run:
10401040
10411041
10421042
1043+ Run Security Audits on Your Dependencies
1044+ ----------------------------------------
1045+
1046+ Just like ``npm `` and ``yarn ``, the AssetMapper component comes bundled with a
1047+ command allowing you to quickly have a look at security vulnerability advisories
1048+ that may exist in the dependencies you're using in your application:
1049+
1050+ .. code-block :: terminal
1051+
1052+ $ php bin/console importmap:audit
1053+
1054+
1055+
1056+ .. image :: /_images/components/assetmapper/01-importmap-audit.png
1057+ :alt: Console output showing a table of security vulnerabilities that exist
1058+ in the dependencies used in the application.
1059+
1060+ Additionally, the command takes a ``--format `` option to chose in which format
1061+ the output should be. The values supported by this options are the following:
1062+
1063+ * ``txt ``
1064+ * ``json ``
1065+
1066+ The command will return the ``0 `` exit code if no vulnerability is found, or
1067+ the ``-1 `` exit code otherwise. This means that you can seamlessly integrate this
1068+ command as part of your CI to be warned anytime a new vulnerability is found
1069+ in the packages you use.
1070+
1071+ .. versionadded :: 6.4
1072+
1073+ The ``importmap:audit `` command was introduced in Symfony 6.4.
1074+
10431075.. _latest asset-mapper recipe : https://github.com/symfony/recipes/tree/main/symfony/asset-mapper
10441076.. _import statement : https://caniuse.com/es6-module-dynamic-import
10451077.. _ES6 : https://caniuse.com/es6
0 commit comments