2.0.4 • Published 5 months ago

aud v2.0.4

Weekly downloads: 26,063
License: MIT
Repository: github
Last release: 5 months ago


Use npx aud instead of npm audit, whether you have a lockfile or not!

It's a great idea to run npm audit in CI; it ensures that you don't unknowingly have vulnerabilities in your dep graph.

Unfortunately, it doesn't work without a lockfile 😿 and only apps should have lockfiles. It also requires npm v6 or above.

Now, instead of npm audit, you can run npx aud! If your repo has a lockfile, it will just run npm audit. If it does not, it will use npm-lockfile to copy your package.json and your currently configured audit level (npm config get audit-level) to a temp dir that has the proper version of npm installed, use npm install --package-lock-only to create a temporary lockfile, and run npm audit there. On exit, all the temp dirs will get cleaned up.
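The fallback described above can be reproduced by hand, which shows exactly what a CI job ends up executing. This shell sketch is an added example, not aud's or npm-lockfile's code. It assumes the npm already on PATH (it does not install a matching npm version), and NPM_BIN and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: manual equivalent of the lockfile / no-lockfile audit flow.
# NPM_BIN is a hypothetical override so the flow can be exercised with a stub.
NPM_BIN="${NPM_BIN:-npm}"

# has_lockfile DIR: succeeds if DIR contains an npm lockfile.
has_lockfile() {
  [ -f "$1/package-lock.json" ] || [ -f "$1/npm-shrinkwrap.json" ]
}

# audit_project DIR: audits DIR and returns npm audit's exit status.
audit_project() {
  project=$1
  [ -f "$project/package.json" ] || { echo "no package.json in $project" >&2; return 2; }

  if has_lockfile "$project"; then
    # Lockfile present: audit the committed dependency graph in place.
    ( cd "$project" && "$NPM_BIN" audit )
    return $?
  fi

  # No lockfile: carry the configured audit level over to the temp dir.
  level=$(cd "$project" && "$NPM_BIN" config get audit-level)
  case $level in
    info|low|moderate|high|critical|none) set -- "--audit-level=$level" ;;
    *) set -- ;;  # unset or unexpected value: fall back to npm's default
  esac

  tmp=$(mktemp -d) || return 2
  (
    # Clean up the temp dir however the subshell exits.
    trap 'rm -rf "$tmp"' EXIT
    cp "$project/package.json" "$tmp/" &&
    cd "$tmp" &&
    "$NPM_BIN" install --package-lock-only &&  # writes only the lockfile
    "$NPM_BIN" audit "$@"
  )
}

# Set RUN_AUDIT=1 to audit the current directory when run as a script.
if [ "${RUN_AUDIT:-0}" = 1 ]; then audit_project .; fi
```

Because the temporary lockfile is resolved fresh on every run, the result reflects the versions a new install would pick up at that moment, not a pinned graph.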

aud fix without a lockfile present will throw npm audit's normal "no lockfile" error, since there's no way to preserve fixes to transitive dependencies.

2.0.4: 5 months ago
2.0.3: 10 months ago
2.0.2: 1 year ago
2.0.1: 2 years ago
2.0.0: 2 years ago
1.1.5: 3 years ago
1.1.4: 3 years ago
1.1.3: 3 years ago
1.1.2: 4 years ago
1.1.1: 4 years ago
1.1.0: 4 years ago
1.0.0: 5 years ago