My question is about how to enable npm audit command in my npm enterprise registry
When I am trying to run npm audit command i am getting the following error
{
"error": {
"code": "ENOAUDIT",
"summary": "Your configured registry (https://registry.npmjs.mydomain/) does not support audit requests.",
"detail": ""
}
}
Here is my research
I tried with the following command and its working
npm audit --json --registry https://registry.npmjs.org/
But when I use
npm audit --json --registry https://registry.npmjs.mydomain/
It does not work. How can I configure to make my registry to work with npm audit command
If the chain of metavulnerabilities extends all the way to the root project, and it cannot be updated without changing its dependency ranges, then npm audit fix will require the --force option to apply the remediation.
You can show the registry of a specific package with the npm view command. When you use npm config get registry you will see the default registry.
I have the same problem. We're using artifactory for private npm registry which doesn't support npm audit yet. Simplest solution which works for me is:
npm audit --registry=https://registry.npmjs.org
Alternative solution:
npm set registry https://registry.npmjs.org
npm audit
/ npm audit fix
Update 2020
In case of artifactory private npm registry - It does support npm audit now, so you can use npm audit
/ npm audit fix
there without any additional configuration. But if your private npm registry still doesn't support npm audit – steps above will be valid for you.
Jfrog Artifactory now fully support the 'npm audit' command (since version 6.10)
Furthermore, Using Jfrog Xray in combination with Artifactory will also enrich the audit report with more vulnerabilities and security info From Xray database.
https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With