mirror of
				https://github.com/titanscouting/tra-analysis.git
				synced 2025-10-25 10:29:20 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			86 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			86 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| <!doctype html>
 | |
| <html>
 | |
|   <title>npm-audit</title>
 | |
|   <meta charset="utf-8">
 | |
|   <link rel="stylesheet" type="text/css" href="../../static/style.css">
 | |
|   <link rel="canonical" href="https://www.npmjs.org/doc/cli/npm-audit.html">
 | |
|   <script async=true src="../../static/toc.js"></script>
 | |
| 
 | |
|   <body>
 | |
|     <div id="wrapper">
 | |
| 
 | |
| <h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p>
 | |
| <h2 id="synopsis">SYNOPSIS</h2>
 | |
| <pre><code>npm audit [--json|--parseable]
 | |
| npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]</code></pre><h2 id="examples">EXAMPLES</h2>
 | |
| <p>Scan your project for vulnerabilities and automatically install any compatible
 | |
| updates to vulnerable dependencies:</p>
 | |
| <pre><code>$ npm audit fix</code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the
 | |
| pkglock:</p>
 | |
| <pre><code>$ npm audit fix --package-lock-only</code></pre><p>Skip updating <code>devDependencies</code>:</p>
 | |
| <pre><code>$ npm audit fix --only=prod</code></pre><p>Have <code>audit fix</code> install semver-major updates to toplevel dependencies, not just
 | |
| semver-compatible ones:</p>
 | |
| <pre><code>$ npm audit fix --force</code></pre><p>Do a dry run to get an idea of what <code>audit fix</code> will do, and <em>also</em> output
 | |
| install information in JSON format:</p>
 | |
| <pre><code>$ npm audit fix --dry-run --json</code></pre><p>Scan your project for vulnerabilities and just show the details, without fixing
 | |
| anything:</p>
 | |
| <pre><code>$ npm audit</code></pre><p>Get the detailed audit report in JSON format:</p>
 | |
| <pre><code>$ npm audit --json</code></pre><p>Get the detailed audit report in plain text result, separated by tab characters, allowing for
 | |
| future reuse in scripting or command line post processing, like for example, selecting
 | |
| some of the columns printed:</p>
 | |
| <pre><code>$ npm audit --parseable</code></pre><p>To parse columns, you can use for example <code>awk</code>, and just print some of them:</p>
 | |
| <pre><code>$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'</code></pre><h2 id="description">DESCRIPTION</h2>
 | |
| <p>The audit command submits a description of the dependencies configured in
 | |
| your project to your default registry and asks for a report of known
 | |
| vulnerabilities. The report returned includes instructions on how to act on
 | |
| this information.</p>
 | |
| <p>You can also have npm automatically fix the vulnerabilities by running <code>npm
 | |
| audit fix</code>. Note that some vulnerabilities cannot be fixed automatically and
 | |
| will require manual intervention or review. Also note that since <code>npm audit fix</code>
 | |
| runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the
 | |
| installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix
 | |
| --package-lock-only</code> will work as expected.</p>
 | |
| <h2 id="content-submitted">CONTENT SUBMITTED</h2>
 | |
| <ul>
 | |
| <li>npm_version</li>
 | |
| <li>node_version</li>
 | |
| <li>platform</li>
 | |
| <li>node_env</li>
 | |
| <li>A scrubbed version of your package-lock.json or npm-shrinkwrap.json</li>
 | |
| </ul>
 | |
| <h3 id="scrubbing">SCRUBBING</h3>
 | |
| <p>In order to ensure that potentially sensitive information is not included in
 | |
| the audit data bundle, some dependencies may have their names (and sometimes
 | |
| versions) replaced with opaque non-reversible identifiers.  It is done for
 | |
| the following dependency types:</p>
 | |
| <ul>
 | |
| <li>Any module referencing a scope that is configured for a non-default
 | |
| registry has its name scrubbed.  (That is, a scope you did a <code>npm login --scope=@ourscope</code> for.)</li>
 | |
| <li>All git dependencies have their names and specifiers scrubbed.</li>
 | |
| <li>All remote tarball dependencies have their names and specifiers scrubbed.</li>
 | |
| <li>All local directory and tarball dependencies have their names and specifiers scrubbed.</li>
 | |
| </ul>
 | |
| <p>The non-reversible identifiers are a sha256 of a session-specific UUID and the
 | |
| value being replaced, ensuring a consistent value within the payload that is
 | |
| different between runs.</p>
 | |
| <h2 id="see-also">SEE ALSO</h2>
 | |
| <ul>
 | |
| <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
 | |
| <li><a href="../files/package-locks.html">package-locks(5)</a></li>
 | |
| <li><a href="../misc/config.html">config(7)</a></li>
 | |
| </ul>
 | |
| 
 | |
| </div>
 | |
| 
 | |
| <table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
 | |
| <tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr>
 | |
| <tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr>
 | |
| <tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr>
 | |
| <tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr>
 | |
| <tr><td style="width:10px;height:10px;background:#fff"> </td></tr>
 | |
| <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr>
 | |
| <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr>
 | |
| </table>
 | |
| <p id="footer">npm-audit — npm@6.5.0</p>
 | |
| 
 |