????
Your IP : 3.135.189.119
<html><head>
<title>npm-audit</title>
<style>
body {
background-color: #ffffff;
color: #24292e;
margin: 0;
line-height: 1.5;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji";
}
#rainbar {
height: 10px;
background-image: linear-gradient(139deg, #fb8817, #ff4b01, #c12127, #e02aff);
}
a {
text-decoration: none;
color: #0366d6;
}
a:hover {
text-decoration: underline;
}
pre {
margin: 1em 0px;
padding: 1em;
border: solid 1px #e1e4e8;
border-radius: 6px;
display: block;
overflow: auto;
white-space: pre;
background-color: #f6f8fa;
color: #393a34;
}
code {
font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace;
font-size: 85%;
padding: 0.2em 0.4em;
background-color: #f6f8fa;
color: #393a34;
}
pre > code {
padding: 0;
background-color: inherit;
color: inherit;
}
h1, h2, h3 {
font-weight: 600;
}
#logobar {
background-color: #333333;
margin: 0 auto;
padding: 1em 4em;
}
#logobar .logo {
float: left;
}
#logobar .title {
font-weight: 600;
color: #dddddd;
float: left;
margin: 5px 0 0 1em;
}
#logobar:after {
content: "";
display: block;
clear: both;
}
#content {
margin: 0 auto;
padding: 0 4em;
}
#table_of_contents > h2 {
font-size: 1.17em;
}
#table_of_contents ul:first-child {
border: solid 1px #e1e4e8;
border-radius: 6px;
padding: 1em;
background-color: #f6f8fa;
color: #393a34;
}
#table_of_contents ul {
list-style-type: none;
padding-left: 1.5em;
}
#table_of_contents li {
font-size: 0.9em;
}
#table_of_contents li a {
color: #000000;
}
header.title {
border-bottom: solid 1px #e1e4e8;
}
header.title > h1 {
margin-bottom: 0.25em;
}
header.title > .description {
display: block;
margin-bottom: 0.5em;
line-height: 1;
}
footer#edit {
border-top: solid 1px #e1e4e8;
margin: 3em 0 4em 0;
padding-top: 2em;
}
</style>
</head>
<body>
<div id="banner">
<div id="rainbar"></div>
<div id="logobar">
<svg class="logo" role="img" height="32" width="32" viewBox="0 0 700 700">
<polygon fill="#cb0000" points="0,700 700,700 700,0 0,0"></polygon>
<polygon fill="#ffffff" points="150,550 350,550 350,250 450,250 450,550 550,550 550,150 150,150"></polygon>
</svg>
<div class="title">
npm command-line interface
</div>
</div>
</div>
<section id="content">
<header class="title">
<h1 id="npm-audit">npm-audit</h1>
<span class="description">Run a security audit</span>
</header>
<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#examples">Examples</a></li><li><a href="#description">Description</a></li><li><a href="#content-submitted">Content Submitted</a></li><ul><li><a href="#scrubbing">Scrubbing</a></li></ul><li><a href="#exit-code">Exit Code</a></li><li><a href="#see-also">See Also</a></li></ul></div>
</section>
<div id="_content"><h3 id="synopsis">Synopsis</h3>
<pre lang="bash"><code>npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
npm audit fix [--force|--package-lock-only|--dry-run]
common options: [--production] [--only=(dev|prod)]
</code></pre>
<h3 id="examples">Examples</h3>
<p>Scan your project for vulnerabilities and automatically install any compatible
updates to vulnerable dependencies:</p>
<pre lang="bash"><code>$ npm audit fix
</code></pre>
<p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the
pkglock:</p>
<pre lang="bash"><code>$ npm audit fix --package-lock-only
</code></pre>
<p>Skip updating <code>devDependencies</code>:</p>
<pre lang="bash"><code>$ npm audit fix --only=prod
</code></pre>
<p>Have <code>audit fix</code> install semver-major updates to toplevel dependencies, not just
semver-compatible ones:</p>
<pre lang="bash"><code>$ npm audit fix --force
</code></pre>
<p>Do a dry run to get an idea of what <code>audit fix</code> will do, and <em>also</em> output
install information in JSON format:</p>
<pre lang="bash"><code>$ npm audit fix --dry-run --json
</code></pre>
<p>Scan your project for vulnerabilities and just show the details, without fixing
anything:</p>
<pre lang="bash"><code>$ npm audit
</code></pre>
<p>Get the detailed audit report in JSON format:</p>
<pre lang="bash"><code>$ npm audit --json
</code></pre>
<p>Get the detailed audit report in plain text result, separated by tab characters, allowing for
future reuse in scripting or command line post processing, like for example, selecting
some of the columns printed:</p>
<pre lang="bash"><code>$ npm audit --parseable
</code></pre>
<p>To parse columns, you can use for example <code>awk</code>, and just print some of them:</p>
<pre lang="bash"><code>$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
</code></pre>
<p>Fail an audit only if the results include a vulnerability with a level of moderate or higher:</p>
<pre lang="bash"><code>$ npm audit --audit-level=moderate
</code></pre>
<h3 id="description">Description</h3>
<p>The audit command submits a description of the dependencies configured in
your project to your default registry and asks for a report of known
vulnerabilities. The report returned includes instructions on how to act on
this information. The command will exit with a 0 exit code if no
vulnerabilities were found.</p>
<p>You can also have npm automatically fix the vulnerabilities by running <code>npm audit fix</code>. Note that some vulnerabilities cannot be fixed automatically and
will require manual intervention or review. Also note that since <code>npm audit fix</code>
runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the
installer will also apply to <code>npm install</code> – so things like <code>npm audit fix --package-lock-only</code> will work as expected.</p>
<p>By default, the audit command will exit with a non-zero code if any vulnerability
is found. It may be useful in CI environments to include the <code>--audit-level</code> parameter
to specify the minimum vulnerability level that will cause the command to fail. This
option does not filter the report output, it simply changes the command’s failure
threshold.</p>
<h3 id="content-submitted">Content Submitted</h3>
<ul>
<li>npm_version</li>
<li>node_version</li>
<li>platform</li>
<li>node_env</li>
<li>A scrubbed version of your package-lock.json or npm-shrinkwrap.json</li>
</ul>
<h4 id="scrubbing">Scrubbing</h4>
<p>In order to ensure that potentially sensitive information is not included in
the audit data bundle, some dependencies may have their names (and sometimes
versions) replaced with opaque non-reversible identifiers. It is done for
the following dependency types:</p>
<ul>
<li>Any module referencing a scope that is configured for a non-default
registry has its name scrubbed. (That is, a scope you did a <code>npm login --scope=@ourscope</code> for.)</li>
<li>All git dependencies have their names and specifiers scrubbed.</li>
<li>All remote tarball dependencies have their names and specifiers scrubbed.</li>
<li>All local directory and tarball dependencies have their names and specifiers scrubbed.</li>
</ul>
<p>The non-reversible identifiers are a sha256 of a session-specific UUID and the
value being replaced, ensuring a consistent value within the payload that is
different between runs.</p>
<h3 id="exit-code">Exit Code</h3>
<p>The <code>npm audit</code> command will exit with a 0 exit code if no vulnerabilities were found.</p>
<p>If vulnerabilities were found the exit code will depend on the <code>audit-level</code>
configuration setting.</p>
<h3 id="see-also">See Also</h3>
<ul>
<li><a href="../commands/npm-install.html">npm install</a></li>
<li><a href="../configuring-npm/package-locks.html">package-locks</a></li>
<li><a href="../using-npm/config.html">config</a></li>
</ul>
</div>
<footer id="edit">
<a href="https://github.com/npm/cli/edit/v6/docs/content/commands/npm-audit.md">
<svg role="img" viewBox="0 0 16 16" width="16" height="16" fill="currentcolor" style="vertical-align: text-bottom; margin-right: 0.3em;">
<path fill-rule="evenodd" d="M11.013 1.427a1.75 1.75 0 012.474 0l1.086 1.086a1.75 1.75 0 010 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 01-.927-.928l.929-3.25a1.75 1.75 0 01.445-.758l8.61-8.61zm1.414 1.06a.25.25 0 00-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 000-.354l-1.086-1.086zM11.189 6.25L9.75 4.81l-6.286 6.287a.25.25 0 00-.064.108l-.558 1.953 1.953-.558a.249.249 0 00.108-.064l6.286-6.286z"></path>
</svg>
Edit this page on GitHub
</a>
</footer>
</section>
</body></html>