Added in: 4.3.0
Checks for known security issues with the installed packages.
If security issues are found, try to update your dependencies via
If a simple update does not fix all the issues, use overrides to force
versions that are not vulnerable. For instance, if
[email protected]<2.1.0 is vulnerable,
use this overrides to force
- Type: low, moderate, high, critical
- Default: low
Only print advisories with severity greater than or equal to
Output audit report in JSON format.
Only audit dev dependencies.
Only audit production dependencies.
Added in: v6.7.1
If the registry responds with a non-200 status code, the process should exit with 0. So the process will fail only if the registry actually successfully responds with found vulnerabilities.