跳至主要內容
版本:下一個

pnpm audit

在已安裝的套件中檢查已知的安全性問題。

如果有發現安全性問題,請嘗試透過 pnpm update 來更新您的套件。 如果簡單的更新沒有辦法解決所有問題,請使用 overrides 來強制更新不易受攻擊的版本。 例如,若 lodash@<2.1.0 已容易受到攻擊,可使用 overrides 強制使用 lodash@^2.1.0

package.json
{
"pnpm": {
"overrides": {
"lodash@<2.1.0": "^2.1.0"
}
}
}

或是,執行 pnpm audit --fix

If you want to tolerate some vulnerabilities as they don't affect your project, you may use the pnpm.auditConfig.ignoreCves setting.

選項

--audit-level <severity>

  • 型態: low, moderate, high, critical
  • 預設: low

Only print advisories with severity greater than or equal to <severity>.

--fix

Add overrides to the package.json file in order to force non-vulnerable versions of the dependencies.

--json

Output audit report in JSON format.

--dev, -D

Only audit dev dependencies.

--prod, -P

Only audit production dependencies.

--no-optional

Don't audit optionalDependencies.

--ignore-registry-errors

If the registry responds with a non-200 status code, the process should exit with 0. So the process will fail only if the registry actually successfully responds with found vulnerabilities.