diff options
Diffstat (limited to 'deps/npm/html/doc/cli/npm-audit.html')
| -rw-r--r-- | deps/npm/html/doc/cli/npm-audit.html | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/deps/npm/html/doc/cli/npm-audit.html b/deps/npm/html/doc/cli/npm-audit.html new file mode 100644 index 0000000000..e7e9c74b02 --- /dev/null +++ b/deps/npm/html/doc/cli/npm-audit.html @@ -0,0 +1,88 @@ +<!doctype html> +<html> + <title>npm-audit</title> + <meta charset="utf-8"> + <link rel="stylesheet" type="text/css" href="../../static/style.css"> + <link rel="canonical" href="https://www.npmjs.org/doc/cli/npm-audit.html"> + <script async=true src="../../static/toc.js"></script> + + <body> + <div id="wrapper"> + +<h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p> +<h2 id="synopsis">SYNOPSIS</h2> +<pre><code>npm audit [--json] +npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev] +</code></pre><h2 id="examples">EXAMPLES</h2> +<p>Scan your project for vulnerabilities and automatically install any compatible +updates to vulnerable dependencies:</p> +<pre><code>$ npm audit fix +</code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the +pkglock:</p> +<pre><code>$ npm audit fix --package-lock-only +</code></pre><p>Skip updating <code>devDependencies</code>:</p> +<pre><code>$ npm audit fix --only=prod +</code></pre><p>Have <code>audit fix</code> install semver-major updates to toplevel dependencies, not just +semver-compatible ones:</p> +<pre><code>$ npm audit fix --force +</code></pre><p>Do a dry run to get an idea of what <code>audit fix</code> will do, and <em>also</em> output +install information in JSON format:</p> +<pre><code>$ npm audit fix --dry-run --json +</code></pre><p>Scan your project for vulnerabilities and just show the details, without fixing +anything:</p> +<pre><code>$ npm audit +</code></pre><p>Get the detailed audit report in JSON format:</p> +<pre><code>$ npm audit --json +</code></pre><h2 id="description">DESCRIPTION</h2> +<p>The audit command submits a description of the dependencies configured in +your project to your default registry and asks for a report of known +vulnerabilities. The report returned includes instructions on how to act on +this information.</p> +<p>You can also have npm automatically fix the vulnerabilities by running <code>npm +audit fix</code>. Note that some vulnerabilities cannot be fixed automatically and +will require manual intervention or review. Also note that since <code>npm audit fix</code> +runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the +installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix +--package-lock-only</code> will work as expected.</p> +<h2 id="content-submitted">CONTENT SUBMITTED</h2> +<ul> +<li>npm_version</li> +<li>node_version</li> +<li>platform</li> +<li>node_env</li> +<li>A scrubbed version of your package-lock.json or npm-shrinkwrap.json</li> +</ul> +<h3 id="scrubbing">SCRUBBING</h3> +<p>In order to ensure that potentially sensitive information is not included in +the audit data bundle, some dependencies may have their names (and sometimes +versions) replaced with opaque non-reversible identifiers. It is done for +the following dependency types:</p> +<ul> +<li>Any module referencing a scope that is configured for a non-default +registry has its name scrubbed. (That is, a scope you did a <code>npm login --scope=@ourscope</code> for.)</li> +<li>All git dependencies have their names and specifiers scrubbed.</li> +<li>All remote tarball dependencies have their names and specifiers scrubbed.</li> +<li>All local directory and tarball dependencies have their names and specifiers scrubbed.</li> +</ul> +<p>The non-reversible identifiers are a sha256 of a session-specific UUID and the +value being replaced, ensuring a consistent value within the payload that is +different between runs.</p> +<h2 id="see-also">SEE ALSO</h2> +<ul> +<li><a href="../cli/npm-install.html">npm-install(1)</a></li> +<li><a href="../files/package-locks.html">package-locks(5)</a></li> +<li><a href="../misc/config.html">config(7)</a></li> +</ul> + +</div> + +<table border=0 cellspacing=0 cellpadding=0 id=npmlogo> +<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr> +<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr> +<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff"> </td></tr> +<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> +<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> +</table> +<p id="footer">npm-audit — npm@6.1.0</p> |