As stated in the official npm documentation, you can manually run npm audit on locally installed packages, which must have both package.json and package-lock.json files.
Globally installed packages don't have package-lock.json; if you run an audit it will throw an error: npm ERR! code EAUDITNOLOCK
How can I run npm audit on all globally installed packages?
To check all globally installed packages and their dependencies, run the npm list command followed by the -g flag. This command prints all globally installed packages in a tree view. You can also check whether a specific package is installed globally by using npm list -g followed by the package name.
Description. The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. If any vulnerabilities are found, then the impact and appropriate remediation will be calculated.
It's good to keep them up-to-date.
That's not really auditing, but with as few global packages as possible, this should be fine enough.
There is npm-check-updates or alternatively npm-check
npm install -g npm-check-updates
Check outdated global packages:
ncu -g
OR
as recommended by @pldg via npx
npx npm-check-updates -g
OR
as recommended by @wheredidthatnamecomefrom
npx npm-global-audit
This is a script that runs with yarn. It makes a temporary copy of your current global packages. See more on their GitHub.
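One way to do the same with npm alone, as an added example that is not part of the original thread: pin the globally installed top-level packages in a throwaway package.json, let npm generate the lockfile that npm audit requires, and audit that directory. The names manifestFromGlobalList and auditGlobals, the --run switch and the sample data are assumptions made for illustration; transitive versions in the generated lockfile are resolved fresh and may differ from what is on disk.

```javascript
const { execSync } = require("child_process");
const fs = require("fs");
const os = require("os");
const path = require("path");

// Constructed sample of `npm ls -g --depth=0 --json` output (names and versions are made up).
const SAMPLE_LS = {
  dependencies: {
    "npm-check-updates": { version: "1.2.3" },
    "@scope/cli": { version: "4.5.6" },
    "my-linked-tool": { version: "0.0.1", resolved: "file:../../src/my-linked-tool" },
    "broken-install": { missing: true },
  },
};

// Build a package.json object pinning each global package to its installed version.
// Assumption: linked packages carry a `file:` resolved value; they and broken entries are skipped.
function manifestFromGlobalList(ls) {
  const dependencies = {}, skipped = [];
  for (const [name, info] of Object.entries(ls.dependencies || {})) {
    const linked = String(info.resolved || "").startsWith("file:");
    if (!info.version || linked) skipped.push(name);
    else dependencies[name] = info.version;
  }
  return { manifest: { name: "global-audit-tmp", version: "0.0.0", private: true, dependencies }, skipped };
}

// Hypothetical driver: writes the manifest to a temp dir, creates a lockfile, runs npm audit.
function auditGlobals() {
  let out;
  try { out = execSync("npm ls -g --depth=0 --json", { encoding: "utf8" }); }
  catch (err) { out = err.stdout; } // npm ls exits non-zero on tree problems but still prints JSON
  const { manifest, skipped } = manifestFromGlobalList(JSON.parse(out));
  if (skipped.length) console.error("not audited:", skipped.join(", "));
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "global-audit-"));
  try {
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(manifest, null, 2));
    // Resolves the tree into package-lock.json only; nothing is installed or executed.
    execSync("npm install --package-lock-only --ignore-scripts", { cwd: dir, stdio: "inherit" });
    execSync("npm audit", { cwd: dir, stdio: "inherit" });
    return 0;
  } catch (err) {
    return err.status || 1; // npm audit exits non-zero when it reports vulnerabilities
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

if (process.argv.includes("--run")) process.exitCode = auditGlobals();
```

Saved to a file and started with node and the --run argument, it prints the normal npm audit report and lists any global packages it could not include.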