author | Rebecca Turner <me@re-becca.org> | 2018-04-20 18:26:37 -0700 |
---|---|---|
committer | Rebecca Turner <me@re-becca.org> | 2018-05-24 23:24:45 -0700 |
commit | 468ab4519e1b92473acefb22801497a1af6aebae (patch) | |
tree | bdac1d062cd4b094bde3a21147bab5d82c792ece /deps/npm/man/man1/npm-audit.1 | |
parent | ac8226115e2192a7a46ba07789fa5136f74223e1 (diff) | |
deps: upgrade npm to 6.1.0
PR-URL: https://github.com/nodejs/node/pull/20190
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Diffstat (limited to 'deps/npm/man/man1/npm-audit.1')
-rw-r--r-- | deps/npm/man/man1/npm-audit.1 | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1 new file mode 100644 index 0000000000..8a4283d4cf --- /dev/null +++ b/deps/npm/man/man1/npm-audit.1 
@@ -0,0 +1,132 @@ +.TH "NPM\-AUDIT" "1" "May 2018" "" "" +.SH "NAME" +\fBnpm-audit\fR \- Run a security audit +.SH SYNOPSIS +.P +.RS 2 +.nf +npm audit [\-\-json] +npm audit fix [\-\-force|\-\-package\-lock\-only|\-\-dry\-run|\-\-production|\-\-only=dev] +.fi +.RE +.SH EXAMPLES +.P +Scan your project for vulnerabilities and automatically install any compatible +updates to vulnerable dependencies: +.P +.RS 2 +.nf +$ npm audit fix +.fi +.RE +.P +Run \fBaudit fix\fP without modifying \fBnode_modules\fP, but still updating the +pkglock: +.P +.RS 2 +.nf +$ npm audit fix \-\-package\-lock\-only +.fi +.RE +.P +Skip updating \fBdevDependencies\fP: +.P +.RS 2 +.nf +$ npm audit fix \-\-only=prod +.fi +.RE +.P +Have \fBaudit fix\fP install semver\-major updates to toplevel dependencies, not just +semver\-compatible ones: +.P +.RS 2 +.nf +$ npm audit fix \-\-force +.fi +.RE +.P +Do a dry run to get an idea of what \fBaudit fix\fP will do, and \fIalso\fR output +install information in JSON format: +.P +.RS 2 +.nf +$ npm audit fix \-\-dry\-run \-\-json +.fi +.RE +.P +Scan your project for vulnerabilities and just show the details, without fixing +anything: +.P +.RS 2 +.nf +$ npm audit +.fi +.RE +.P +Get the detailed audit report in JSON format: +.P +.RS 2 +.nf +$ npm audit \-\-json +.fi +.RE +.SH DESCRIPTION +.P +The audit command submits a description of the dependencies configured in +your project to your default registry and asks for a report of known +vulnerabilities\. The report returned includes instructions on how to act on +this information\. +.P +You can also have npm automatically fix the vulnerabilities by running \fBnpm +audit fix\fP\|\. Note that some vulnerabilities cannot be fixed automatically and +will require manual intervention or review\. 
Also note that since \fBnpm audit fix\fP +runs a full\-fledged \fBnpm install\fP under the hood, all configs that apply to the +installer will also apply to \fBnpm install\fP \-\- so things like \fBnpm audit fix +\-\-package\-lock\-only\fP will work as expected\. +.SH CONTENT SUBMITTED +.RS 0 +.IP \(bu 2 +npm_version +.IP \(bu 2 +node_version +.IP \(bu 2 +platform +.IP \(bu 2 +node_env +.IP \(bu 2 +A scrubbed version of your package\-lock\.json or npm\-shrinkwrap\.json + +.RE +.SS SCRUBBING +.P +In order to ensure that potentially sensitive information is not included in +the audit data bundle, some dependencies may have their names (and sometimes +versions) replaced with opaque non\-reversible identifiers\. It is done for +the following dependency types: +.RS 0 +.IP \(bu 2 +Any module referencing a scope that is configured for a non\-default +registry has its name scrubbed\. (That is, a scope you did a \fBnpm login \-\-scope=@ourscope\fP for\.) +.IP \(bu 2 +All git dependencies have their names and specifiers scrubbed\. +.IP \(bu 2 +All remote tarball dependencies have their names and specifiers scrubbed\. +.IP \(bu 2 +All local directory and tarball dependencies have their names and specifiers scrubbed\. + +.RE +.P +The non\-reversible identifiers are a sha256 of a session\-specific UUID and the +value being replaced, ensuring a consistent value within the payload that is +different between runs\. +.SH SEE ALSO +.RS 0 +.IP \(bu 2 +npm help install +.IP \(bu 2 +npm help 5 package\-locks +.IP \(bu 2 +npm help 7 config + +.RE |
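Review bot: In the DESCRIPTION paragraph beginning "Also note that since", the sentence says configs that apply to the installer "will also apply to \fBnpm install\fP", which is circular; it should name \fBnpm audit fix\fP, the command the `--package-lock-only` illustration that follows is about. In EXAMPLES, "pkglock" should be spelled out as package-lock.json to match CONTENT SUBMITTED, and the SYNOPSIS lists `--only=dev` while the only `--only` example uses `--only=prod`, so the synopsis should show both accepted values. Under SCRUBBING, "a sha256 of a session-specific UUID and the value being replaced" does not say how the two inputs are combined, and "(and sometimes versions)" does not say when versions are replaced; this section is what a user reads to judge what is sent to the registry, so both should be stated precisely.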