Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Not modify package.json when doing npm audit fix

I've updated my npm version, and I think npm audit is a new feature. When I run npm audit fix some of my packages versions are changed from package.json. I just want keep the packages as same as my coworkers

like image 736
vanio178 Avatar asked Aug 18 '18 04:08

vanio178


2 Answers

To answer the original question, if you really want to skip auditing completely when installing (for whatever reason, in my case I wanted to troubleshoot an exception when installing) you can use --no-audit flag:

npm install --no-audit
like image 118
tzachs Avatar answered Sep 20 '22 15:09

tzachs


npm audit fix is not must to get your app up and running. I use this command when I want to make sure that there is no potential security vulnerability so that git hub won't have any object against my project. In case you still want to use audit fix without changing rest files, try this commands

Run audit fix without modifying node_modules, but still updating the pkglock:

 $ npm audit fix --package-lock-only

Skip updating devDependencies:

  $ npm audit fix --only=prod

Do a dry run to get an idea of what audit fix will do, and also output install information in JSON format:

$ npm audit fix --dry-run --json

Check out this link for your future reference: https://docs.npmjs.com/cli/audit

like image 27
parag patel Avatar answered Sep 17 '22 15:09

parag patel