You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: deps/npm/docs/content/commands/npm-audit.md
+31Lines changed: 31 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,6 +32,13 @@ vulnerability is found. It may be useful in CI environments to include the
32
32
will cause the command to fail. This option does not filter the report
33
33
output, it simply changes the command's failure threshold.
34
34
35
+
### Package lock
36
+
37
+
By default npm requires a package-lock or shrinkwrap in order to run the
38
+
audit. You can bypass the package lock with `--no-package-lock` but be
39
+
aware the results may be different with every run, since npm will
40
+
re-build the dependency tree each time.
41
+
35
42
### Audit Signatures
36
43
37
44
To ensure the integrity of packages you download from the public npm registry, or any registry that supports signatures, you can verify the registry signatures of downloaded packages using the npm CLI.
@@ -321,6 +328,16 @@ For `list` this means the output will be based on the tree described by the
321
328
322
329
323
330
331
+
#### `package-lock`
332
+
333
+
* Default: true
334
+
* Type: Boolean
335
+
336
+
If set to false, then ignore `package-lock.json` files when installing. This
337
+
will also prevent _writing_`package-lock.json` if `save` is true.
338
+
339
+
340
+
324
341
#### `omit`
325
342
326
343
* Default: 'dev' if the `NODE_ENV` environment variable is set to
@@ -341,6 +358,20 @@ variable will be set to `'production'` for all lifecycle scripts.
341
358
342
359
343
360
361
+
#### `include`
362
+
363
+
* Default:
364
+
* Type: "prod", "dev", "optional", or "peer" (can be set multiple times)
365
+
366
+
Option that allows for defining which types of dependencies to install.
367
+
368
+
This is the inverse of `--omit=<type>`.
369
+
370
+
Dependency types specified in `--include` will not be omitted, regardless of
371
+
the order in which omit/include are specified on the command-line.
0 commit comments