summaryrefslogtreecommitdiff
path: root/deps/node/deps/npm/man/man1/npm-audit.1
diff options
context:
space:
mode:
Diffstat (limited to 'deps/node/deps/npm/man/man1/npm-audit.1')
-rw-r--r--deps/node/deps/npm/man/man1/npm-audit.1150
1 files changed, 0 insertions, 150 deletions
diff --git a/deps/node/deps/npm/man/man1/npm-audit.1 b/deps/node/deps/npm/man/man1/npm-audit.1
deleted file mode 100644
index dee3bb03..00000000
--- a/deps/node/deps/npm/man/man1/npm-audit.1
+++ /dev/null
@@ -1,150 +0,0 @@
-.TH "NPM\-AUDIT" "1" "January 2019" "" ""
-.SH "NAME"
-\fBnpm-audit\fR \- Run a security audit
-.SH SYNOPSIS
-.P
-.RS 2
-.nf
-npm audit [\-\-json|\-\-parseable]
-npm audit fix [\-\-force|\-\-package\-lock\-only|\-\-dry\-run|\-\-production|\-\-only=dev]
-.fi
-.RE
-.SH EXAMPLES
-.P
-Scan your project for vulnerabilities and automatically install any compatible
-updates to vulnerable dependencies:
-.P
-.RS 2
-.nf
-$ npm audit fix
-.fi
-.RE
-.P
-Run \fBaudit fix\fP without modifying \fBnode_modules\fP, but still updating the
-pkglock:
-.P
-.RS 2
-.nf
-$ npm audit fix \-\-package\-lock\-only
-.fi
-.RE
-.P
-Skip updating \fBdevDependencies\fP:
-.P
-.RS 2
-.nf
-$ npm audit fix \-\-only=prod
-.fi
-.RE
-.P
-Have \fBaudit fix\fP install semver\-major updates to toplevel dependencies, not just
-semver\-compatible ones:
-.P
-.RS 2
-.nf
-$ npm audit fix \-\-force
-.fi
-.RE
-.P
-Do a dry run to get an idea of what \fBaudit fix\fP will do, and \fIalso\fR output
-install information in JSON format:
-.P
-.RS 2
-.nf
-$ npm audit fix \-\-dry\-run \-\-json
-.fi
-.RE
-.P
-Scan your project for vulnerabilities and just show the details, without fixing
-anything:
-.P
-.RS 2
-.nf
-$ npm audit
-.fi
-.RE
-.P
-Get the detailed audit report in JSON format:
-.P
-.RS 2
-.nf
-$ npm audit \-\-json
-.fi
-.RE
-.P
-Get the detailed audit report in plain text result, separated by tab characters, allowing for
-future reuse in scripting or command line post processing, like for example, selecting
-some of the columns printed:
-.P
-.RS 2
-.nf
-$ npm audit \-\-parseable
-.fi
-.RE
-.P
-To parse columns, you can use for example \fBawk\fP, and just print some of them:
-.P
-.RS 2
-.nf
-$ npm audit \-\-parseable | awk \-F $'\\t' '{print $1,$4}'
-.fi
-.RE
-.SH DESCRIPTION
-.P
-The audit command submits a description of the dependencies configured in
-your project to your default registry and asks for a report of known
-vulnerabilities\. The report returned includes instructions on how to act on
-this information\.
-.P
-You can also have npm automatically fix the vulnerabilities by running \fBnpm
-audit fix\fP\|\. Note that some vulnerabilities cannot be fixed automatically and
-will require manual intervention or review\. Also note that since \fBnpm audit fix\fP
-runs a full\-fledged \fBnpm install\fP under the hood, all configs that apply to the
-installer will also apply to \fBnpm install\fP \-\- so things like \fBnpm audit fix
-\-\-package\-lock\-only\fP will work as expected\.
-.SH CONTENT SUBMITTED
-.RS 0
-.IP \(bu 2
-npm_version
-.IP \(bu 2
-node_version
-.IP \(bu 2
-platform
-.IP \(bu 2
-node_env
-.IP \(bu 2
-A scrubbed version of your package\-lock\.json or npm\-shrinkwrap\.json
-
-.RE
-.SS SCRUBBING
-.P
-In order to ensure that potentially sensitive information is not included in
-the audit data bundle, some dependencies may have their names (and sometimes
-versions) replaced with opaque non\-reversible identifiers\. It is done for
-the following dependency types:
-.RS 0
-.IP \(bu 2
-Any module referencing a scope that is configured for a non\-default
-registry has its name scrubbed\. (That is, a scope you did a \fBnpm login \-\-scope=@ourscope\fP for\.)
-.IP \(bu 2
-All git dependencies have their names and specifiers scrubbed\.
-.IP \(bu 2
-All remote tarball dependencies have their names and specifiers scrubbed\.
-.IP \(bu 2
-All local directory and tarball dependencies have their names and specifiers scrubbed\.
-
-.RE
-.P
-The non\-reversible identifiers are a sha256 of a session\-specific UUID and the
-value being replaced, ensuring a consistent value within the payload that is
-different between runs\.
-.SH SEE ALSO
-.RS 0
-.IP \(bu 2
-npm help install
-.IP \(bu 2
-npm help 5 package\-locks
-.IP \(bu 2
-npm help 7 config
-
-.RE