File manager

File manager - Edit - /usr/local/lib/node_modules/npm/html/doc/cli/npm-audit.html

Back
<!doctype html> <html> <title>npm-audit</title> <meta charset="utf-8"> <link rel="stylesheet" type="text/css" href="../../static/style.css"> <link rel="canonical" href="https://www.npmjs.org/doc/cli/npm-audit.html"> <script async=true src="../../static/toc.js"></script> <body> <div id="wrapper"> <h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p> <h2 id="synopsis">SYNOPSIS</h2> <pre><code>npm audit [--json] npm audit fix [--force\|--package-lock-only\|--dry-run\|--production\|--only=dev] </code></pre><h2 id="examples">EXAMPLES</h2> <p>Scan your project for vulnerabilities and automatically install any compatible updates to vulnerable dependencies:</p> <pre><code>$ npm audit fix </code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the pkglock:</p> <pre><code>$ npm audit fix --package-lock-only </code></pre><p>Skip updating <code>devDependencies</code>:</p> <pre><code>$ npm audit fix --only=prod </code></pre><p>Have <code>audit fix</code> install semver-major updates to toplevel dependencies, not just semver-compatible ones:</p> <pre><code>$ npm audit fix --force </code></pre><p>Do a dry run to get an idea of what <code>audit fix</code> will do, and <em>also</em> output install information in JSON format:</p> <pre><code>$ npm audit fix --dry-run --json </code></pre><p>Scan your project for vulnerabilities and just show the details, without fixing anything:</p> <pre><code>$ npm audit </code></pre><p>Get the detailed audit report in JSON format:</p> <pre><code>$ npm audit --json </code></pre><h2 id="description">DESCRIPTION</h2> <p>The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. The report returned includes instructions on how to act on this information.</p> <p>You can also have npm automatically fix the vulnerabilities by running <code>npm audit fix</code>. Note that some vulnerabilities cannot be fixed automatically and will require manual intervention or review. Also note that since <code>npm audit fix</code> runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix --package-lock-only</code> will work as expected.</p> <h2 id="content-submitted">CONTENT SUBMITTED</h2> <ul> <li>npm_version</li> <li>node_version</li> <li>platform</li> <li>node_env</li> <li>A scrubbed version of your package-lock.json or npm-shrinkwrap.json</li> </ul> <h3 id="scrubbing">SCRUBBING</h3> <p>In order to ensure that potentially sensitive information is not included in the audit data bundle, some dependencies may have their names (and sometimes versions) replaced with opaque non-reversible identifiers. It is done for the following dependency types:</p> <ul> <li>Any module referencing a scope that is configured for a non-default registry has its name scrubbed. (That is, a scope you did a <code>npm login --scope=@ourscope</code> for.)</li> <li>All git dependencies have their names and specifiers scrubbed.</li> <li>All remote tarball dependencies have their names and specifiers scrubbed.</li> <li>All local directory and tarball dependencies have their names and specifiers scrubbed.</li> </ul> <p>The non-reversible identifiers are a sha256 of a session-specific UUID and the value being replaced, ensuring a consistent value within the payload that is different between runs.</p> <h2 id="see-also">SEE ALSO</h2> <ul> <li><a href="../cli/npm-install.html">npm-install(1)</a></li> <li><a href="../files/package-locks.html">package-locks(5)</a></li> <li><a href="../misc/config.html">config(7)</a></li> </ul> </div> <table border=0 cellspacing=0 cellpadding=0 id=npmlogo> <tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr> <tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr> <tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr> <tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr> <tr><td style="width:10px;height:10px;background:#fff"> </td></tr> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> <p id="footer">npm-audit — npm@6.1.0</p>

| ver. 1.4 | Github | . | PHP 8.3.31 | Generation time: 0 | proxy | phpinfo | Settings