Skip to main content
Version: Next

pnpm audit

Added in: v4.3.0

Checks for known security issues with the installed packages.

If security issues are found, try to update your dependencies via pnpm update. If a simple update does not fix all the issues, use overrides to force versions that are not vulnerable. For instance, if [email protected]<2.1.0 is vulnerable, use this overrides to force [email protected]^2.1.0:

{    "pnpm": {        "overrides": {            "[email protected]<2.1.0": "^2.1.0"        }    }}

Or alternatively, run pnpm audit --fix.


--audit-level <severity>#

  • Type: low, moderate, high, critical
  • Default: low

Only print advisories with severity greater than or equal to <severity>.


Added in: v6.11.0

Add overrides to the package.json file in order to force non-vulnerable versions of the dependencies.


Output audit report in JSON format.

--dev, -D#

Only audit dev dependencies.

--prod, -P#

Only audit production dependencies.


Don't audit optionalDependencies.


Added in: v6.7.1

If the registry responds with a non-200 status code, the process should exit with 0. So the process will fail only if the registry actually successfully responds with found vulnerabilities.