mirror of
https://github.com/titanscouting/tra-analysis.git
synced 2024-11-14 07:06:17 +00:00
86 lines
6.2 KiB
HTML
86 lines
6.2 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<title>npm-audit</title>
|
|
<meta charset="utf-8">
|
|
<link rel="stylesheet" type="text/css" href="../../static/style.css">
|
|
<link rel="canonical" href="https://www.npmjs.org/doc/cli/npm-audit.html">
|
|
<script async=true src="../../static/toc.js"></script>
|
|
|
|
<body>
|
|
<div id="wrapper">
|
|
|
|
<h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p>
|
|
<h2 id="synopsis">SYNOPSIS</h2>
|
|
<pre><code>npm audit [--json|--parseable]
|
|
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]</code></pre><h2 id="examples">EXAMPLES</h2>
|
|
<p>Scan your project for vulnerabilities and automatically install any compatible
|
|
updates to vulnerable dependencies:</p>
|
|
<pre><code>$ npm audit fix</code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the
|
|
pkglock:</p>
|
|
<pre><code>$ npm audit fix --package-lock-only</code></pre><p>Skip updating <code>devDependencies</code>:</p>
|
|
<pre><code>$ npm audit fix --only=prod</code></pre><p>Have <code>audit fix</code> install semver-major updates to toplevel dependencies, not just
|
|
semver-compatible ones:</p>
|
|
<pre><code>$ npm audit fix --force</code></pre><p>Do a dry run to get an idea of what <code>audit fix</code> will do, and <em>also</em> output
|
|
install information in JSON format:</p>
|
|
<pre><code>$ npm audit fix --dry-run --json</code></pre><p>Scan your project for vulnerabilities and just show the details, without fixing
|
|
anything:</p>
|
|
<pre><code>$ npm audit</code></pre><p>Get the detailed audit report in JSON format:</p>
|
|
<pre><code>$ npm audit --json</code></pre><p>Get the detailed audit report in plain text result, separated by tab characters, allowing for
|
|
future reuse in scripting or command line post processing, like for example, selecting
|
|
some of the columns printed:</p>
|
|
<pre><code>$ npm audit --parseable</code></pre><p>To parse columns, you can use for example <code>awk</code>, and just print some of them:</p>
|
|
<pre><code>$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'</code></pre><h2 id="description">DESCRIPTION</h2>
|
|
<p>The audit command submits a description of the dependencies configured in
|
|
your project to your default registry and asks for a report of known
|
|
vulnerabilities. The report returned includes instructions on how to act on
|
|
this information.</p>
|
|
<p>You can also have npm automatically fix the vulnerabilities by running <code>npm
|
|
audit fix</code>. Note that some vulnerabilities cannot be fixed automatically and
|
|
will require manual intervention or review. Also note that since <code>npm audit fix</code>
|
|
runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the
|
|
installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix
|
|
--package-lock-only</code> will work as expected.</p>
|
|
<h2 id="content-submitted">CONTENT SUBMITTED</h2>
|
|
<ul>
|
|
<li>npm_version</li>
|
|
<li>node_version</li>
|
|
<li>platform</li>
|
|
<li>node_env</li>
|
|
<li>A scrubbed version of your package-lock.json or npm-shrinkwrap.json</li>
|
|
</ul>
|
|
<h3 id="scrubbing">SCRUBBING</h3>
|
|
<p>In order to ensure that potentially sensitive information is not included in
|
|
the audit data bundle, some dependencies may have their names (and sometimes
|
|
versions) replaced with opaque non-reversible identifiers. It is done for
|
|
the following dependency types:</p>
|
|
<ul>
|
|
<li>Any module referencing a scope that is configured for a non-default
|
|
registry has its name scrubbed. (That is, a scope you did a <code>npm login --scope=@ourscope</code> for.)</li>
|
|
<li>All git dependencies have their names and specifiers scrubbed.</li>
|
|
<li>All remote tarball dependencies have their names and specifiers scrubbed.</li>
|
|
<li>All local directory and tarball dependencies have their names and specifiers scrubbed.</li>
|
|
</ul>
|
|
<p>The non-reversible identifiers are a sha256 of a session-specific UUID and the
|
|
value being replaced, ensuring a consistent value within the payload that is
|
|
different between runs.</p>
|
|
<h2 id="see-also">SEE ALSO</h2>
|
|
<ul>
|
|
<li><a href="../cli/npm-install.html">npm-install(1)</a></li>
|
|
<li><a href="../files/package-locks.html">package-locks(5)</a></li>
|
|
<li><a href="../misc/config.html">config(7)</a></li>
|
|
</ul>
|
|
|
|
</div>
|
|
|
|
<table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
|
|
<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr>
|
|
<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr>
|
|
<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr>
|
|
<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr>
|
|
<tr><td style="width:10px;height:10px;background:#fff"> </td></tr>
|
|
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr>
|
|
<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr>
|
|
</table>
|
|
<p id="footer">npm-audit — npm@6.5.0</p>
|
|
|