audit: allow the audit failure level to be configured #20992
Use case: we'd like to include We can work around it by parsing the json and working it out for ourselves, but this PR was easier than doing that.
@lennym You also need to document this, add it to the types object in
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.
I've updated to include the types. Before I go too deep into writing tests and docs it'd be good to get some steer as to whether this is a feature that might get merged in principle as is (docs and tests pending). I'm not super keen to go and spend a few hours coding on this if it's not going to get merged or it's just going to end up going down a rabbit hole of expanding features. Obviously very happy to do so if it results in getting the feature in a future version though.
In that case, I would suggest you drop something in https://npm.community/c/ideas about this.
One step ahead... https://npm.community/t/allow-a-configurable-vuln-level-to-make-npm-audit-fail/245 I did try to post a reply pointing to this PR, but I've been put in time out there for some reason (I assume because I was freshly signed up and posted too many links - no complaint from me in that regard)
Shameless advertising:
Apologies for the radio silence on this. I've added some docs and tests in the hope that this might make it into a future release. I couldn't find any obvious tests for the basic Cheers.
Hi! We're moving repos to https://github.com/npm/cli/pulls! See our blog post about the migration to npm.community for details. As such, we're closing all active PRs on this repo. Could you please re-open this PR against
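The workaround mentioned in the use-case comment (parsing the JSON and working out the result yourself) comes down to the same threshold rule this PR proposes. The following is an added example, not code from the PR or from npm: it assumes the report carries per-severity counts under `metadata.vulnerabilities` and that severities order as low < moderate < high < critical; `auditExitCode` and `SAMPLE_REPORT` are hypothetical names.

```javascript
// Added example, not the PR's code. Assumed severity order, lowest first.
const LEVELS = ['low', 'moderate', 'high', 'critical'];

// Constructed sample of the counts section of an audit report (assumed shape).
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { low: 3, moderate: 1, high: 0, critical: 0 }
  }
});

// Return the exit code described in the PR: 1 if any finding is at or
// above auditLevel, 0 if every finding is below it.
function auditExitCode(reportJson, auditLevel = 'low') {
  const threshold = LEVELS.indexOf(auditLevel);
  if (threshold === -1) {
    // Fail closed: a mistyped level must not turn into a passing build.
    throw new RangeError(`unknown audit level: ${auditLevel}`);
  }

  const report = JSON.parse(reportJson);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    throw new TypeError('report has no metadata.vulnerabilities counts');
  }

  // Only severities at or above the threshold can fail the run.
  for (const severity of LEVELS.slice(threshold)) {
    const count = counts[severity];
    if (!Number.isInteger(count) || count < 0) {
      // A missing or malformed count is treated as an error, not as zero.
      throw new TypeError(`invalid count for severity "${severity}"`);
    }
    if (count > 0) return 1;
  }
  return 0;
}

// Stand-alone demonstration on the constructed sample.
for (const level of LEVELS) {
  console.log(`audit-level=${level} -> exit ${auditExitCode(SAMPLE_REPORT, level)}`);
}
```

In a CI job the JSON would come from the audit command's machine-readable output rather than the constructed sample, and the returned value would be passed to `process.exit`.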