diff options
Diffstat (limited to 'deps/node/deps/npm/doc/cli/npm-audit.md')
| -rw-r--r-- | deps/node/deps/npm/doc/cli/npm-audit.md | 106 |
1 files changed, 0 insertions, 106 deletions
diff --git a/deps/node/deps/npm/doc/cli/npm-audit.md b/deps/node/deps/npm/doc/cli/npm-audit.md deleted file mode 100644 index 4c6d7174..00000000 --- a/deps/node/deps/npm/doc/cli/npm-audit.md +++ /dev/null @@ -1,106 +0,0 @@ -npm-audit(1) -- Run a security audit -==================================== - -## SYNOPSIS - - npm audit [--json|--parseable] - npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev] - -## EXAMPLES - -Scan your project for vulnerabilities and automatically install any compatible -updates to vulnerable dependencies: -``` -$ npm audit fix -``` - -Run `audit fix` without modifying `node_modules`, but still updating the -pkglock: -``` -$ npm audit fix --package-lock-only -``` - -Skip updating `devDependencies`: -``` -$ npm audit fix --only=prod -``` - -Have `audit fix` install semver-major updates to toplevel dependencies, not just -semver-compatible ones: -``` -$ npm audit fix --force -``` - -Do a dry run to get an idea of what `audit fix` will do, and _also_ output -install information in JSON format: -``` -$ npm audit fix --dry-run --json -``` - -Scan your project for vulnerabilities and just show the details, without fixing -anything: -``` -$ npm audit -``` - -Get the detailed audit report in JSON format: -``` -$ npm audit --json -``` - -Get the detailed audit report in plain text result, separated by tab characters, allowing for -future reuse in scripting or command line post processing, like for example, selecting -some of the columns printed: -``` -$ npm audit --parseable -``` - -To parse columns, you can use for example `awk`, and just print some of them: -``` -$ npm audit --parseable | awk -F $'\t' '{print $1,$4}' -``` - -## DESCRIPTION - -The audit command submits a description of the dependencies configured in -your project to your default registry and asks for a report of known -vulnerabilities. The report returned includes instructions on how to act on -this information. - -You can also have npm automatically fix the vulnerabilities by running `npm -audit fix`. Note that some vulnerabilities cannot be fixed automatically and -will require manual intervention or review. Also note that since `npm audit fix` -runs a full-fledged `npm install` under the hood, all configs that apply to the -installer will also apply to `npm install` -- so things like `npm audit fix ---package-lock-only` will work as expected. - -## CONTENT SUBMITTED - -* npm_version -* node_version -* platform -* node_env -* A scrubbed version of your package-lock.json or npm-shrinkwrap.json - -### SCRUBBING - -In order to ensure that potentially sensitive information is not included in -the audit data bundle, some dependencies may have their names (and sometimes -versions) replaced with opaque non-reversible identifiers. It is done for -the following dependency types: - -* Any module referencing a scope that is configured for a non-default - registry has its name scrubbed. (That is, a scope you did a `npm login --scope=@ourscope` for.) -* All git dependencies have their names and specifiers scrubbed. -* All remote tarball dependencies have their names and specifiers scrubbed. -* All local directory and tarball dependencies have their names and specifiers scrubbed. - -The non-reversible identifiers are a sha256 of a session-specific UUID and the -value being replaced, ensuring a consistent value within the payload that is -different between runs. - -## SEE ALSO - -* npm-install(1) -* package-locks(5) -* config(7) |