Added in: v4.3.0
Checks for known security issues with the installed packages.
If security issues are found, try to update your dependencies via
pnpm update. If a simple update does not fix all the issues, use overrides to force versions that are not vulnerable. For instance, if
lodash@<2.1.0 is vulnerable, use this overrides to force
Or alternatively, run
pnpm audit --fix.
- Type: low, moderate, high, critical
- Default: low
Only print advisories with severity greater than or equal to
Added in: v6.11.0
Add overrides to the
package.json file in order to force non-vulnerable versions of the dependencies.
Output audit report in JSON format.
Only audit dev dependencies.
Only audit production dependencies.
Added in: v6.7.1
If the registry responds with a non-200 status code, the process should exit with 0. So the process will fail only if the registry actually successfully responds with found vulnerabilities.