Duplicate: Enable `--production` and `--only` for `npm audit`

(Michael Kühnel) #1

Hej there,

we used to use nsp check to make sure we don’t ship apps with known vulnerabilities in their production dependencies. I would love to use npm audit for that since nsp is gone.

This is not possible for now since npm audit scans dev dependencies as well as production dependencies and the options --production and --only are only available for npm audit fix.

So it would be totally awesome to have --production and --only also for npm audit.

Would you accept a pull request for that? I’m not sure if I’m able to implement that feature, but I would love to check the source code.

Cheers, Michael

Edit: This is a duplicate. Sorry :see_no_evil:

(Lars Willighagen) #2

There’s a PR for that already:

I didn’t include changes to filter the report as well (I think that’d go in a different PR & repo anyway) because --audit-level doesn’t on my end, which I think is what’s blocking the merge at the moment.

(Michael Kühnel) #3

Opps. Thank you very much.

(Lars Willighagen) #4

No problem, sorry if I seemed harsh.

(Michael Kühnel) #5


sorry if I seemed harsh.

Not at all :kissing_heart: