npmc

a package manager for JavaScript

npm-audit(1) -- Run a security audit
====================================

## SYNOPSIS

    npm audit
    npm audit fix

## DESCRIPTION

The audit command submits a description of the dependencies configured in
your project to your default registry and asks for a report of known
vulnerabilities. The report returned includes instructions on how to act on
this information.

You can also have npm automatically fix the vulnerabilities by running `npm
audit fix`. Note that some vulnerabilities cannot be fixed automatically and
will require manual intervention or review.

## CONTENT SUBMITTED

* npm_version
* node_version
* platform
* node_env
* A scrubbed version of your package-lock.json or npm-shrinkwrap.json

### SCRUBBING

In order to ensure that potentially sensitive information is not included in
the audit data bundle, some dependencies may have their names (and sometimes
versions) replaced with opaque non-reversible identifiers. It is done for
the following dependency types:

* Any module referencing a scope that is configured for a non-default
  registry has its name scrubbed. (That is, a scope you did a `npm login --scope=@ourscope` for.)
* All git dependencies have their names and specifiers scrubbed.
* All remote tarball dependencies have their names and specifiers scrubbed.
* All local directory and tarball dependencies have their names and specifiers scrubbed.

The non-reversible identifiers are a sha256 of a session-specific UUID and the
value being replaced, ensuring a consistent value within the payload that is
different between runs.

## SEE ALSO

* npm-install(1)
* config(7)