Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] npm audit: add audit-level 'None' / 'Ignore' #1182

Closed
valentijnscholten opened this issue Apr 20, 2020 · 1 comment
Closed

[FEATURE] npm audit: add audit-level 'None' / 'Ignore' #1182

valentijnscholten opened this issue Apr 20, 2020 · 1 comment
Labels
Enhancement new feature or improvement

Comments

@valentijnscholten
Copy link

valentijnscholten commented Apr 20, 2020
edited

What / Why

Currently npm audit supports 4 audit levels: (low|moderate|high|critical)
(https://docs.npmjs.com/cli/audit). This determines a threshold for when the audit will exit with a non-zero exit code. In CI environments sometimes you just want to generate a report with findings and send it somewhere. In that case you don't want a non-zero exit code.

As a security analyst I would like to be able to generate a npm audit report that only generates the report and doesn't actually perform judgement on the vulnerabilities found.

So something like:
npm audit --audit-level=none
npm audit --audit-level=ignore
or, if we want it to make sense as a threshold:
npm audit --audit-level=infinite
@darcyclarke darcyclarke added the Enhancement new feature or improvement label Oct 30, 2020
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is reproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

@amark-axcient amark-axcient mentioned this issue Apr 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement new feature or improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@darcyclarke @valentijnscholten