[BUG] "Cannot audit a project without a package.json", but Happens During Install #1645

@trisys3

Current Behavior:

Sorry for the ridiculously long title, I couldn't find a way to distill it into fewer words.

This may not be a bug, but it's certainly unexpected behavior.

Basically, when you install packages in a folder without a package.json, some basic auditing happens at the end. I see "Found vulnerabilities (<y> low, <z> moderate, <α> high, <β> critical)". However, if I then do an audit myself (npm audit or npm audit fix), I get the title error, Cannot audit a project without a package.json.

Expected Behavior:

Either:

  1. npm audit works with a package-lock.json, regardless of the existence of package.json, or
  2. npm audit doesn't happen during npm install, or
  3. Some warning during the installation audit saying something like "We weren't able to produce an accurate audit, but this is an approximate one:"

I suggest 1, for obvious reasons.

Steps To Reproduce:

mkdir test/
cd test/
npm install posthtml # "found 572 vulnerabilities..."
npm audit # "Cannot audit a project without a package.json"

Environment:

OS: Ubuntu 20.04
node -v: v14.5.0
npm -v: 6.14.7
