The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Any way to sync audit data to private local registry?
Right now we must post package data to the npm registry to use the audit features.
But inside my company we don't want to send the package data to the public registry.
Or just use https://nodesecurity.io/advisories?
I compared an audit using https://nodesecurity.io/advisories data and one using npm audit, and it seems that npm keeps some vulnerabilities for themselves, as the former returned fewer issues than the latter.
Which really bugs me. With the ENOAUDIT issue we really cannot rely on npm to audit our projects in our CI/CD pipeline.