We used to use nsp check to make sure we don’t ship apps with known vulnerabilities in their production dependencies. I would love to use npm audit for that since nsp is gone.
This is not possible for now since npm audit scans dev dependencies as well as production dependencies and the option --only is only available for npm audit fix.
So it would be totally awesome to have --only also for
Would you accept a pull request for that? I’m not sure if I’m able to implement that feature, but I would love to check the source code.
Edit: This is a duplicate. Sorry
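The production-only check asked for above can be approximated by filtering the audit report itself; this is an added example, not part of the original post and not npm's own code. It assumes the npm 6 `npm audit --json` report shape (an `advisories` map whose entries carry a `findings` array with a boolean `dev` flag); the function names and the sample report are constructed for illustration.

```javascript
// Added example: gate a build on advisories that reach production dependencies only.
// Assumption: npm 6 `npm audit --json` report shape (advisories -> findings[].dev).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return advisories that have at least one non-dev finding at or above minSeverity.
function productionAdvisories(report, minSeverity = 'low') {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  return Object.values((report && report.advisories) || {})
    .map((adv) => {
      // A finding counts as production unless it is explicitly flagged dev.
      const prod = (adv.findings || []).filter((f) => f.dev !== true);
      return {
        id: adv.id,
        module: adv.module_name,
        severity: adv.severity,
        prodFindings: prod.length,
        paths: prod.flatMap((f) => f.paths || []),
      };
    })
    // Unknown severities are ranked as critical so the gate fails closed.
    .filter((a) => a.prodFindings > 0 && (SEVERITY_RANK[a.severity] ?? 4) >= threshold);
}

// Exit status for a CI step: 1 if any production advisory remains, else 0.
function exitCode(report, minSeverity = 'low') {
  return productionAdvisories(report, minSeverity).length > 0 ? 1 : 0;
}

// Constructed sample report (package names and advisory ids are made up).
const SAMPLE_REPORT = {
  advisories: {
    1001: { id: 1001, module_name: 'example-template-lib', severity: 'high',
      findings: [{ version: '1.2.0', paths: ['example-server>example-template-lib'], dev: false }] },
    1002: { id: 1002, module_name: 'example-runner-dep', severity: 'critical',
      findings: [{ version: '0.3.1', paths: ['example-test-runner>example-runner-dep'], dev: true }] },
    1003: { id: 1003, module_name: 'example-shared-util', severity: 'low',
      findings: [
        { version: '2.0.0', paths: ['example-linter>example-shared-util'], dev: true },
        { version: '2.0.1', paths: ['example-http-client>example-shared-util'], dev: false },
      ] },
  },
};

console.log(productionAdvisories(SAMPLE_REPORT).map((a) => `${a.severity} ${a.module}`));
console.log('exit code at "critical" threshold:', exitCode(SAMPLE_REPORT, 'critical'));
```

An advisory reachable through both a dev and a production path (1003 in the sample) is kept, with only its production paths reported.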