Auditing Package Security
The sad reality is that, sometimes, packages you use will be discovered to have security
vulnerabilities, just like any other software you use. But, being aware of this, the NPM
team has constructed a useful command for dealing with this:
npm audit
Running this command will scan your package.json file (or global packages if you
use -g) and submit the list of dependencies to the default NPM registry requesting a
report on any known vulnerabilities in them. This report will also include information on
how to remediate. But, if you want the quick answer, execute this command:
npm audit fix
That causes NPM to update each vulnerable package to the newest available version in
which the vulnerability has not been reported.
If you’d like to see a detailed audit report, execute
npm audit --json
or, if you prefer plain text
npm audit --readable
Finally, if you’d like to see what npm audit fix would do but without literally doing
it, you can use
npm audit fix --dry-run
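As an added example (not from the book), the Node script below applies a severity threshold to a saved `npm audit --json` report and separates findings that `npm audit fix` can resolve from those needing manual attention; the report contents and package names are constructed, and the report shape assumed is the npm 7+ JSON format.

```javascript
// Added example: triage a saved `npm audit --json` report.
// Assumes the npm 7+ report shape: `vulnerabilities` keyed by package
// name, each with `severity` and `fixAvailable`, plus `metadata` counts.
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Constructed sample report; package names and ranges are made up.
const SAMPLE_AUDIT_JSON = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", range: "<2.0.1",
      fixAvailable: true, // plain `npm audit fix` can apply this
    },
    "example-logger": {
      name: "example-logger", severity: "low", range: "<1.4.0",
      fixAvailable: false, // no fixed release published yet
    },
  },
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0, total: 2 },
  },
});

// Returns packages at or above `level` (same scale as --audit-level),
// split into those `npm audit fix` handles on its own (fixAvailable === true)
// and those needing review (no fix, or a fix object meaning a breaking bump).
function triageAudit(reportJson, level = "moderate") {
  const report = JSON.parse(reportJson);
  const threshold = SEVERITY_ORDER.indexOf(level);
  if (threshold < 0) throw new Error(`unknown audit level: ${level}`);
  const fixable = [];
  const manual = [];
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    if (SEVERITY_ORDER.indexOf(vuln.severity) < threshold) continue;
    (vuln.fixAvailable === true ? fixable : manual).push(name);
  }
  return { fixable, manual, failed: fixable.length + manual.length > 0 };
}

// Stand-alone run: a CI job would feed it the real report file instead.
const result = triageAudit(SAMPLE_AUDIT_JSON, "moderate");
console.log(JSON.stringify(result));
// prints {"fixable":["example-parser"],"manual":[],"failed":true}
```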