npm audit
Run a security audit
Synopsis
npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
npm audit fix [--force|--package-lock-only|--dry-run]
common options: [--production] [--only=(dev|prod)]
Examples
Scan your project for vulnerabilities and automatically install any compatible updates to vulnerable dependencies:
$ npm audit fix
Run audit fix without modifying node_modules, but still updating the pkglock:
$ npm audit fix --package-lock-only
Skip updating devDependencies:
$ npm audit fix --only=prod
Have audit fix install semver-major updates to top-level dependencies, not just semver-compatible ones:
$ npm audit fix --force
$ npm audit fix --dry-run --json
$ npm audit
$ npm audit --json
$ npm audit --parseable
$ npm audit --parseable | awk -F
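A severity threshold like the --audit-level values in the synopsis, applied to npm audit --json output in a CI step. This is an added example, not part of the npm documentation; it assumes the report carries per-severity counts under metadata.vulnerabilities, and the script name audit-gate.js is hypothetical.

```javascript
// Assumption: `npm audit --json` reports per-severity counts
// under metadata.vulnerabilities (info, low, moderate, high, critical).
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

function auditGate(reportText, level = 'low') {
  const floor = SEVERITIES.indexOf(level);
  if (floor === -1) throw new Error(`unknown audit level: ${level}`);
  let report;
  try {
    report = JSON.parse(reportText);
  } catch {
    // Fail closed: an unreadable report must never pass the gate.
    return { pass: false, reason: 'report is not valid JSON', counts: {} };
  }
  const found = report && report.metadata && report.metadata.vulnerabilities;
  if (!found || typeof found !== 'object') {
    return { pass: false, reason: 'no metadata.vulnerabilities in report', counts: {} };
  }
  // Count only severities at or above the threshold.
  const counts = {};
  let blocking = 0;
  for (const sev of SEVERITIES.slice(floor)) {
    const n = Number(found[sev]) || 0;
    counts[sev] = n;
    blocking += n;
  }
  return blocking === 0
    ? { pass: true, reason: `nothing at or above ${level}`, counts }
    : { pass: false, reason: `${blocking} finding(s) at or above ${level}`, counts };
}

// Constructed sample report (not real audit output).
const SAMPLE = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 1, high: 0, critical: 0 } },
});

// Usage (hypothetical file name): npm audit --json | node audit-gate.js --stdin high
if (process.argv[2] === '--stdin') {
  (async () => {
    process.stdin.setEncoding('utf8');
    let text = '';
    for await (const chunk of process.stdin) text += chunk;
    const result = auditGate(text, process.argv[3] || 'low');
    console.log(result.reason);
    process.exitCode = result.pass ? 0 : 1;
  })();
} else {
  console.log(auditGate(SAMPLE, 'high').reason, '|', auditGate(SAMPLE, 'moderate').reason);
}
```

A report that cannot be parsed or lacks the counts fails the gate, so a registry error or truncated output does not read as a clean audit.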