Linux command
bun-audit command
After copying a command, replace file names, directories, or arguments as needed.
Common examples
Audit dependencies
bun audit
Only report high and critical
bun audit --audit-level=high
Audit only production dependencies
bun audit --prod
Ignore one or more vulnerabilities
bun audit --ignore CVE-2023-12345 --ignore CVE-2023-67890
Output raw JSON
bun audit --json
Description
bun audit sends the list of installed packages and versions (resolved from bun.lock) to the npm registry and prints a report of any vulnerabilities returned. The registry cross-references the GitHub Advisory Database, so coverage matches what npm audit would report. The command categorizes findings by severity (low, moderate, high, critical) and covers direct dependencies, devDependencies, bundledDependencies, and optionalDependencies. Because the package list is read from bun.lock, run it from a project that already has a lockfile (produced by bun install), and because the registry is queried over the network, the audit cannot complete offline.
Options
- --audit-level=_level_: Only report vulnerabilities of this severity or higher. Values: low, moderate, high, critical.
- --prod: Audit only production dependencies, ignoring devDependencies.
- --ignore _CVE_: Ignore a specific CVE. Can be repeated to ignore multiple advisories.
- --json: Print the raw JSON response from the npm registry instead of the formatted report.
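The --json output is what makes the audit usable in a pipeline: a CI job can re-apply the --audit-level threshold and an --ignore allowlist on its own terms and fail only on what is left. The script below is an added example, not Bun's code, that does exactly that. It assumes (the page does not say) that the raw registry response has the npm bulk-advisory shape, a map from package name to an array of advisories each carrying severity, a cve list and a GitHub advisory URL; the package names and identifiers in the sample are placeholders, not real advisories.

```javascript
// Added example (not Bun's own code): post-process the raw registry JSON that
// `bun audit --json` prints so a CI job can apply its own severity gate and
// advisory allowlist.
//
// Assumption (not confirmed by the page): the raw response looks like
//   { "<package>": [ { severity, cve: [...], url, title, vulnerable_versions } ] }
// Adapt flattenReport() if your output differs.

const SEVERITY_RANK = { low: 0, moderate: 1, high: 2, critical: 3 };

// Own-property check, so names inherited from Object.prototype ("constructor")
// are never mistaken for a severity.
function isKnownSeverity(level) {
  return Object.prototype.hasOwnProperty.call(SEVERITY_RANK, level);
}

// Upper-case and trim an identifier so "cve-0000-00001" and "CVE-0000-00001"
// compare equal.
function normId(id) {
  return String(id).trim().toUpperCase();
}

// Flatten the per-package response into one finding per advisory, collecting
// every identifier (CVE list plus the GHSA id at the end of the advisory URL)
// that an operator might want to allowlist.
function flattenReport(report) {
  const findings = [];
  for (const [pkg, advisories] of Object.entries(report || {})) {
    for (const adv of advisories || []) {
      const severity = String(adv.severity || "").toLowerCase();
      const ids = [...(adv.cve || [])];
      if (typeof adv.url === "string" && adv.url.includes("/advisories/")) {
        ids.push(adv.url.slice(adv.url.lastIndexOf("/") + 1));
      }
      findings.push({
        package: pkg,
        // An unrecognised severity is kept (as "low"), never silently dropped.
        severity: isKnownSeverity(severity) ? severity : "low",
        ids: ids.map(normId),
        title: adv.title || "",
        vulnerableVersions: adv.vulnerable_versions || "",
      });
    }
  }
  return findings;
}

// Same semantics as --audit-level and --ignore: keep findings at or above the
// threshold whose identifiers are not all absent from the ignore list.
function gate(findings, { auditLevel = "low", ignore = [] } = {}) {
  if (!isKnownSeverity(auditLevel)) {
    throw new Error(`unknown audit level: ${auditLevel}`);
  }
  const threshold = SEVERITY_RANK[auditLevel];
  const ignored = new Set(ignore.map(normId));
  return findings.filter(
    (f) => SEVERITY_RANK[f.severity] >= threshold && !f.ids.some((id) => ignored.has(id)),
  );
}

// Exit status for a CI step: 0 only when nothing survives the gate.
function exitCodeFor(remaining) {
  return remaining.length === 0 ? 0 : 1;
}

// Constructed sample standing in for a real registry response; names and
// identifiers are placeholders, not real packages or advisories.
const SAMPLE_REPORT = {
  "example-lib": [
    { id: 1, url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxx1",
      title: "Prototype pollution (constructed)", severity: "high",
      vulnerable_versions: "<1.2.3", cve: ["CVE-0000-00001"] },
  ],
  "example-util": [
    { id: 2, url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxx2",
      title: "Command injection (constructed)", severity: "critical",
      vulnerable_versions: "<2.0.0", cve: ["CVE-0000-00002"] },
    { id: 3, url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxx3",
      title: "ReDoS (constructed)", severity: "low",
      vulnerable_versions: "<2.1.0", cve: [] },
  ],
};

// Run the sample through the gate a CI job would use: high or above, with one
// accepted-risk CVE allowlisted.
const remaining = gate(flattenReport(SAMPLE_REPORT), {
  auditLevel: "high",
  ignore: ["CVE-0000-00001"],
});
for (const f of remaining) {
  console.log(`${f.severity.padEnd(8)} ${f.package} ${f.vulnerableVersions} ${f.ids.join(",")}`);
}
console.log(`exit code: ${exitCodeFor(remaining)}`);
```

To wire it to a real run, replace SAMPLE_REPORT with the parsed output of `bun audit --json` (for example by reading it from a file the CI step wrote beforehand) and end the script with process.exit(exitCodeFor(remaining)). Keeping the allowlist in version control next to the script, with a comment per identifier explaining why the risk was accepted, is what makes an --ignore decision auditable later.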
FAQ
What is the bun-audit command used for?
bun audit sends the list of installed packages and versions (resolved from bun.lock) to the npm registry and prints a report of any vulnerabilities returned. The registry cross-references the GitHub Advisory Database, so coverage matches what npm audit would report. The command categorizes findings by severity (low, moderate, high, critical) and covers direct dependencies, devDependencies, bundledDependencies, and optionalDependencies.
How do I run a basic bun-audit example?
Run `bun audit` from the project directory that contains bun.lock, then add flags such as --audit-level, --prod, --ignore, or --json as needed.
What does --audit-level=_level_ do in bun-audit?
Only report vulnerabilities of this severity or higher. Values: low, moderate, high, critical.