In npm version 6.0.0, executing the npm install command reports this message:
up to date in 13.576s
[!] 52 vulnerabilities found [15904 packages audited]
Severity: 8 low | 40 moderate | 4 high
Run `npm audit` for more detail
Why does this appear, and how can it be disabled?
If no security vulnerabilities are found, this means that packages with known vulnerabilities were not found in your package dependency tree. Since the advisory database can be updated at any time, we recommend regularly running npm audit manually, or adding npm audit to your continuous integration process.
The npm audit command will exit with a 0 exit code if no vulnerabilities were found. The npm audit fix command will exit with a 0 exit code if no vulnerabilities are found or if the remediation is able to successfully fix all vulnerabilities.
It’s a new feature, introduced with npm@6. It shows all vulnerabilities your dependencies have (excluding peerDependencies).
You can disable the warning for single package installations with the --no-audit flag.
To deactivate it for all installations you can execute npm set audit false.
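For the continuous-integration use and the exit-code behaviour quoted above, a gate can read the severity summary from `npm audit --json` and fail the build only at or above a chosen level. This is an added example, not code from npm or from the posts above; the function name, the `--stdin` switch, the `AUDIT_MIN_SEVERITY` variable and the sample report are assumptions made for the illustration.

```javascript
// Severity levels in the summary of `npm audit --json`, lowest to highest.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Constructed sample mirroring the counts in the question (8 low, 40 moderate, 4 high).
const SAMPLE_REPORT = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 8, moderate: 40, high: 4, critical: 0 } },
});

// Map an audit report (JSON text) to a CI exit code:
// 0 = nothing at or above minSeverity, 1 = blocking findings, 2 = report unusable.
function auditGate(jsonText, minSeverity = "high") {
  const floor = LEVELS.indexOf(minSeverity);
  if (floor === -1) throw new Error(`unknown severity: ${minSeverity}`);
  let counts;
  try {
    counts = JSON.parse(jsonText).metadata.vulnerabilities;
  } catch (err) {
    counts = undefined; // not JSON, or no metadata section
  }
  // Fail closed: an error report (for example, no lockfile or no registry access)
  // carries no summary and must not be treated as a clean result.
  if (!counts || typeof counts !== "object") {
    return { exitCode: 2, blocking: 0, reason: "no vulnerability summary in report" };
  }
  const blocking = LEVELS.slice(floor).reduce(
    (sum, level) => sum + (Number(counts[level]) || 0), 0);
  return {
    exitCode: blocking > 0 ? 1 : 0,
    blocking,
    reason: `${blocking} finding(s) at or above "${minSeverity}"`,
  };
}

if (process.argv.includes("--stdin")) {
  // CI mode (hypothetical switch): read the report from standard input.
  let text = "";
  process.stdin.setEncoding("utf8");
  process.stdin.on("data", (chunk) => { text += chunk; });
  process.stdin.on("end", () => {
    const result = auditGate(text, process.env.AUDIT_MIN_SEVERITY || "high");
    console.error(result.reason);
    process.exitCode = result.exitCode;
  });
} else {
  // Demo on the constructed sample.
  console.log(auditGate(SAMPLE_REPORT, "high"));
}
```

Assumed usage in a pipeline step: `npm audit --json | node audit-gate.js --stdin`, where the file name is hypothetical.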