This package allows you to ignore devDependencies
while running npm audit
. You can replace npm audit
in your CI pipeline directly by using the following:
npm install -g audit-ignore-dev
audit-ignore-dev
This command will produce output based on the package.json
file in your current directory.
npm install --save-dev audit-ignore-dev
./node_modules/audit-ignore-dev/index.js
Clone this repo locally, then run
npm install
npm test
Optionally, you can provide arguments for the acceptable amount of vulnerabilities in your dependencies
:
audit-ignore-dev -c 0 -h 0 -m 2 -l 10 -i 1000 --json
--help
: View these options
--json
: If this flag is present, output a new json object with the vulnerabilities from devDependencies
removed from the metadata.vulnerabilities
and from the actions[actionNumber].resolves
.
-c {Number}
or ---critical {Number}
: Amount of acceptable critical vulnerabilities in your dependencies
-h {Number}
or --high {Number}
: Amount of acceptable high vulnerabilities in your dependencies
-m {Number}
or --moderate {Number}
: Amount of acceptable moderate vulnerabilities in your dependencies
-l {Number}
or --low {Number}
: Amount of acceptable low vulnerabilities in your dependencies
-i {Number}
or --info {Number}
: Amount of acceptable info vulnerabilities in your dependencies
Nathanial Myers