Linux command

npm-audit command

Common examples

Audit dependencies

npm audit

Fix vulnerabilities

npm audit fix

Force fix (breaking changes)

npm audit fix --force

Output as JSON

npm audit --json

Audit production only

npm audit --omit=dev

Set minimum severity level

npm audit --audit-level=high

Dry run fix

npm audit fix --dry-run

Description

npm audit scans project dependencies for known security vulnerabilities by checking them against the npm advisory database. For each finding it reports the severity level (low, moderate, high, critical), the vulnerable package, and the dependency path. The npm audit fix subcommand automatically installs compatible updates to resolve vulnerabilities. Using --force allows major version updates that may introduce breaking changes. The command exits with a non-zero code if vulnerabilities are found (at or above the --audit-level threshold when one is set), making it suitable for CI/CD pipelines.
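An added example (not from the original page or the npm project): a Node.js triage of `npm audit --json` output that applies an `--audit-level`-style threshold and separates findings `npm audit fix` can resolve from those that need `--force` or have no fix. It assumes the npm 7+ report layout (`vulnerabilities`, `severity`, `fixAvailable.isSemVerMajor`); `triageAudit` is a hypothetical helper and the package names in the sample are constructed.

```javascript
// Severity ranking used for the threshold, lowest to highest.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample in the shape of `npm audit --json` (npm 7+); names are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { severity: 'high', isDirect: true, fixAvailable: true },
    'example-template': {
      severity: 'critical', isDirect: false,
      fixAvailable: { name: 'example-framework', version: '5.0.0', isSemVerMajor: true },
    },
    'example-logger': { severity: 'low', isDirect: false, fixAvailable: true },
    'example-legacy': { severity: 'moderate', isDirect: true, fixAvailable: false },
  },
};

// Bucket each finding by what it takes to remediate it, and compute a CI exit code.
function triageAudit(report, auditLevel = 'low') {
  const threshold = SEVERITY_ORDER.indexOf(auditLevel);
  if (threshold < 0) throw new Error(`unknown audit level: ${auditLevel}`);
  const result = { compatibleFix: [], needsForce: [], noFix: [], belowThreshold: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (SEVERITY_ORDER.indexOf(vuln.severity) < threshold) {
      result.belowThreshold.push(name);          // ignored by the gate
    } else if (!fix) {
      result.noFix.push(name);                   // needs a replacement or manual review
    } else if (typeof fix === 'object' && fix.isSemVerMajor) {
      result.needsForce.push(name);              // only `npm audit fix --force` applies it
    } else {
      result.compatibleFix.push(name);           // plain `npm audit fix` applies it
    }
  }
  const blocking = result.compatibleFix.length + result.needsForce.length + result.noFix.length;
  result.exitCode = blocking > 0 ? 1 : 0;        // mirrors the non-zero exit described above
  return result;
}

// To triage real output, save it with `npm audit --json --omit=dev > audit.json`
// and pass JSON.parse of that file's contents instead of SAMPLE_REPORT.
console.log(triageAudit(SAMPLE_REPORT, 'high'));
```

Listing the `needsForce` bucket separately lets a pipeline apply compatible fixes automatically while routing breaking upgrades to a reviewed change.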

Parameters

fix
Automatically install compatible updates to fix vulnerabilities.
--force
Force updates to latest version, even with breaking changes.
--json
Output results in JSON format.
--omit _TYPE_
Omit dependency type from audit (dev, optional, or peer). Replaces deprecated --production flag.
--audit-level _LEVEL_
Minimum severity to trigger non-zero exit: low, moderate, high, critical.
--dry-run
Preview what audit fix would change without applying.
--package-lock-only
Only modify package-lock.json, skip node_modules updates.
--parseable
Display vulnerabilities in parseable output format.
-h, --help
Display help information.

FAQ

How do I run a basic npm-audit example?

Run `npm audit` in a terminal in your project, then adjust the flags for your system.