You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently npm audit supports 4 audit levels: (low|moderate|high|critical)
(https://docs.npmjs.com/cli/audit). This determines a threshold for when the audit will exit with a non-zero exit code. In CI environments sometimes you just want to generate a report with findings and send it somewhere. In that case you don't want a non-zero exit code.
As a security analyst I would like to be able to generate a npm audit report that only generates the report and doesn't actually perform judgement on the vulnerabilities found.
So something like: npm audit --audit-level=none npm audit --audit-level=ignore
or, if we want it to make sense as a threshold: npm audit --audit-level=infinite
The text was updated successfully, but these errors were encountered:
npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.
If your bug is reproducible on v7, please re-file this issue using our new issue template.
If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo
What / Why
Currently
npm audit
supports 4 audit levels:(low|moderate|high|critical)
(https://docs.npmjs.com/cli/audit). This determines a threshold for when the audit will exit with a non-zero exit code. In CI environments sometimes you just want to generate a report with findings and send it somewhere. In that case you don't want a non-zero exit code.
As a security analyst I would like to be able to generate a npm audit report that only generates the report and doesn't actually perform judgement on the vulnerabilities found.
So something like:
npm audit --audit-level=none
npm audit --audit-level=ignore
or, if we want it to make sense as a threshold:
npm audit --audit-level=infinite
The text was updated successfully, but these errors were encountered: