Simple email application for Android. Original source code: https://framagit.org/dystopia-project/simple-email
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
3.1 KiB

  1. npm-audit(1) -- Run a security audit
  2. ====================================
  3. ## SYNOPSIS
  4. npm audit [--json|--parseable]
  5. npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
  6. ## EXAMPLES
  7. Scan your project for vulnerabilities and automatically install any compatible
  8. updates to vulnerable dependencies:
  9. ```
  10. $ npm audit fix
  11. ```
  12. Run `audit fix` without modifying `node_modules`, but still updating the
  13. pkglock:
  14. ```
  15. $ npm audit fix --package-lock-only
  16. ```
  17. Skip updating `devDependencies`:
  18. ```
  19. $ npm audit fix --only=prod
  20. ```
  21. Have `audit fix` install semver-major updates to toplevel dependencies, not just
  22. semver-compatible ones:
  23. ```
  24. $ npm audit fix --force
  25. ```
  26. Do a dry run to get an idea of what `audit fix` will do, and _also_ output
  27. install information in JSON format:
  28. ```
  29. $ npm audit fix --dry-run --json
  30. ```
  31. Scan your project for vulnerabilities and just show the details, without fixing
  32. anything:
  33. ```
  34. $ npm audit
  35. ```
  36. Get the detailed audit report in JSON format:
  37. ```
  38. $ npm audit --json
  39. ```
  40. Get the detailed audit report in plain text result, separated by tab characters, allowing for
  41. future reuse in scripting or command line post processing, like for example, selecting
  42. some of the columns printed:
  43. ```
  44. $ npm audit --parseable
  45. ```
  46. To parse columns, you can use for example `awk`, and just print some of them:
  47. ```
  48. $ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
  49. ```
  50. ## DESCRIPTION
  51. The audit command submits a description of the dependencies configured in
  52. your project to your default registry and asks for a report of known
  53. vulnerabilities. The report returned includes instructions on how to act on
  54. this information.
  55. You can also have npm automatically fix the vulnerabilities by running `npm
  56. audit fix`. Note that some vulnerabilities cannot be fixed automatically and
  57. will require manual intervention or review. Also note that since `npm audit fix`
  58. runs a full-fledged `npm install` under the hood, all configs that apply to the
  59. installer will also apply to `npm install` -- so things like `npm audit fix
  60. --package-lock-only` will work as expected.
  61. ## CONTENT SUBMITTED
  62. * npm_version
  63. * node_version
  64. * platform
  65. * node_env
  66. * A scrubbed version of your package-lock.json or npm-shrinkwrap.json
  67. ### SCRUBBING
  68. In order to ensure that potentially sensitive information is not included in
  69. the audit data bundle, some dependencies may have their names (and sometimes
  70. versions) replaced with opaque non-reversible identifiers. It is done for
  71. the following dependency types:
  72. * Any module referencing a scope that is configured for a non-default
  73. registry has its name scrubbed. (That is, a scope you did a `npm login --scope=@ourscope` for.)
  74. * All git dependencies have their names and specifiers scrubbed.
  75. * All remote tarball dependencies have their names and specifiers scrubbed.
  76. * All local directory and tarball dependencies have their names and specifiers scrubbed.
  77. The non-reversible identifiers are a sha256 of a session-specific UUID and the
  78. value being replaced, ensuring a consistent value within the payload that is
  79. different between runs.
  80. ## SEE ALSO
  81. * npm-install(1)
  82. * package-locks(5)
  83. * config(7)