[BUG] npm audit stopped audit packages
yoieh opened this issue
yoieh commented
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
Having a version of a package with a known CVE installed gives:
found 0 vulnerabilities
Related issue found with yarn audit: yarnpkg/yarn#9054
Expected Behavior
Should at least find some vulnerabilities...
Steps To Reproduce
- npm create vite@latest
- create with any template.
- cd
- Install express at exact version 4.14.0, add:
"express": "4.14.0"
to package.json
- npm i
- npm audit
Should find this: GHSA-rv95-896h-c2vc
Environment
- npm: 10.6.0
- Node.js: v20.11.0, but gives the same results on other versions...
- OS Name: Mac and Ubuntu
- npm config:
; node bin location = /Users/.../.nvm/versions/node/v20.11.0/bin/node
; node version = v20.11.0
; npm local prefix = /Users/.../test-npm-audit
; npm version = 10.2.4
; cwd = /Users/.../test-npm-audit
; HOME = /Users/...
; Run `npm config ls -l` to show all defaults.
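
A canary check for the failure reported above, as an added example that is not part of the original issue or npm's own code: it flags an audit report that omits GHSA-rv95-896h-c2vc while the lockfile pins express 4.14.0. The function names are hypothetical, the sample data is constructed, and the JSON shapes assumed are `npm audit --json` (auditReportVersion 2) and a lockfileVersion 2/3 `package-lock.json`.

```javascript
// Added example: canary check for an `npm audit` run that reports nothing.
// Assumed report shape: `npm audit --json`, auditReportVersion 2.
const CANARY = { name: "express", version: "4.14.0", advisory: "GHSA-rv95-896h-c2vc" };

// True when the lockfile (lockfileVersion 2/3 `packages` map) pins the canary.
function lockHasCanary(lock, canary) {
  const node = (lock.packages || {})["node_modules/" + canary.name];
  return Boolean(node && node.version === canary.version);
}

// Advisory IDs listed for a package. `via` mixes strings (names of other
// packages) and advisory objects; only the objects carry a `url`.
function advisoriesFor(report, pkgName) {
  const entry = (report.vulnerabilities || {})[pkgName];
  if (!entry) return [];
  return (entry.via || [])
    .filter((v) => v && typeof v === "object" && typeof v.url === "string")
    .map((v) => v.url.split("/").pop());
}

// "audit-blind" means the canary is installed but its advisory is missing.
function checkAudit(lock, report, canary = CANARY) {
  if (!lockHasCanary(lock, canary)) return "canary-not-installed";
  return advisoriesFor(report, canary.name).includes(canary.advisory)
    ? "audit-ok"
    : "audit-blind";
}

// Constructed sample data, trimmed to the fields used above.
const sampleLock = {
  lockfileVersion: 3,
  packages: { "": { name: "test-npm-audit" }, "node_modules/express": { version: "4.14.0" } },
};
const blindReport = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: { vulnerabilities: { total: 0 } },
};
const healthyReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    express: { name: "express", via: ["qs", { url: "https://github.com/advisories/GHSA-rv95-896h-c2vc" }] },
  },
};

console.log(checkAudit(sampleLock, blindReport));
console.log(checkAudit(sampleLock, healthyReport));
```

In CI, a result of `audit-blind` is a reason to fail the job rather than trust the "found 0 vulnerabilities" line.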