3.0.1 • Published 11 months ago

aud v3.0.1

Weekly downloads
26,063
License
MIT
Repository
github
Last release
11 months ago

END OF LIFE

Thanks to the wonderful folks at npm, in npm v10.2+, after 6 years, npm audit no longer requires a lockfile!

Therefore, you should no longer use aud. Instead, use npx npm@'>=10.2' audit --production.



Use npx aud instead of npm audit, whether you have a lockfile or not!

It's a great idea to run npm audit in CI; it ensures that you don't unknowingly have vulnerabilities in your dep graph.

Unfortunately, it doesn't work without a lockfile 😿 and only apps should have lockfiles. It also requires npm v6 or above.

Now, instead of npm audit, you can run npx aud! If your repo has a lockfile, it will just run npm audit. If it does not, it will use npm-lockfile to copy your package.json and your currently configured audit level (npm config get audit-level) to a temp dir that has the proper version of npm installed, use npm install --package-lock-only to create a temporary lockfile there, and run npm audit against it. On exit, all the temp dirs are cleaned up.

aud fix without a lockfile present will throw npm audit's normal "no lockfile" error, since there's no way to preserve fixes to transitive dependencies.
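
The no-lockfile flow described above, written out as a shell function using plain npm commands. This is an added example, not aud's own code: it does not use npm-lockfile or install a specific npm version into the temp dir, and the function names has_lockfile and audit_project are made up for illustration.

```sh
#!/bin/sh
# Added example (not aud's code): audit a package that has no lockfile by
# generating a throwaway lockfile in a temp dir.

# Succeeds when DIR already contains a lockfile that npm audit can use.
has_lockfile() {
  [ -f "$1/package-lock.json" ] || [ -f "$1/npm-shrinkwrap.json" ]
}

# audit_project DIR: run npm audit for DIR, creating a temporary lockfile
# if needed. Returns npm audit's exit status, or 2 on a setup failure.
audit_project() {
  project=$1
  [ -f "$project/package.json" ] || { echo "no package.json in $project" >&2; return 2; }

  if has_lockfile "$project"; then
    (cd "$project" && npm audit)
    return $?
  fi

  # Read the audit level inside the project so its own .npmrc applies.
  level=$(cd "$project" && npm config get audit-level)
  tmp=$(mktemp -d) || return 2
  cp "$project/package.json" "$tmp/"

  (
    cd "$tmp" || exit 2
    # Resolve the dependency tree into package-lock.json without installing.
    npm install --package-lock-only >/dev/null || exit 2
    case $level in
      ''|null|undefined) npm audit ;;                 # no level configured
      *) npm audit --audit-level="$level" ;;
    esac
  )
  audit_status=$?
  rm -rf "$tmp"   # the temporary lockfile never reaches the project
  return $audit_status
}
```

Call it as audit_project . from a CI step; a non-zero return fails the job the same way npm audit would.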

3.0.1 • 11 months ago
3.0.0 • 11 months ago
2.0.5 • 11 months ago
2.0.4 • 2 years ago
2.0.3 • 2 years ago
2.0.2 • 2 years ago
2.0.1 • 3 years ago
2.0.0 • 3 years ago
1.1.5 • 4 years ago
1.1.4 • 4 years ago
1.1.3 • 5 years ago
1.1.2 • 5 years ago
1.1.1 • 5 years ago
1.1.0 • 5 years ago
1.0.0 • 6 years ago