This code here - https://github.com/npm/npm/blob/latest/lib/audit.js#L255-L260 - makes npm audit exit with a non-zero exit code if there are any vulnerabilities found.
We’d like to be able to use npm audit in our CI deployment pipeline, but at the moment this makes it unfeasible since it requires us to fix all low impact vulnerabilities. We’d like to be able to configure this to be able to “pass” if only low or moderate vulnerabilities are found, and fail if high or critical level vulns are detected.
A flag like `--audit-level high` would be super useful for this use case.
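Until such a flag exists, the same gate can be built in CI by post-processing `npm audit --json`. The example below is added here and is not npm's code; it assumes the report carries the `metadata.vulnerabilities` severity counts that `npm audit --json` prints, and the sample report is constructed.

```python
import json
import sys

# npm audit severities, lowest to highest.
SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]


def should_fail(report: dict, threshold: str) -> bool:
    """Return True if the report has any finding at or above `threshold`.

    `report` is the parsed output of `npm audit --json`; only the
    metadata.vulnerabilities summary counts are consulted.
    """
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity level: {threshold!r}")
    counts = report.get("metadata", {}).get("vulnerabilities", {})
    gated = SEVERITY_ORDER[SEVERITY_ORDER.index(threshold):]
    return any(int(counts.get(sev, 0)) > 0 for sev in gated)


def audit_exit_code(report: dict, threshold: str) -> int:
    """Exit code a CI step should use: 1 only when the gate is tripped."""
    return 1 if should_fail(report, threshold) else 0


# Constructed sample: three low and one moderate finding, nothing higher.
SAMPLE_REPORT = {
    "metadata": {
        "vulnerabilities": {
            "info": 0, "low": 3, "moderate": 1, "high": 0, "critical": 0
        }
    }
}

if __name__ == "__main__":
    # Usage: npm audit --json | python audit_gate.py high
    level = sys.argv[1] if len(sys.argv) > 1 else "high"
    data = SAMPLE_REPORT if sys.stdin.isatty() else json.load(sys.stdin)
    code = audit_exit_code(data, level)
    print(f"audit gate at '{level}': {'FAIL' if code else 'pass'}")
    sys.exit(code)
```

With the sample report the gate passes at `high` and fails at `moderate`, which is the behaviour the issue asks for.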