The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Duplicate: Enable `--production` and `--only` for `npm audit`
we used to use
nsp check to make sure we don’t ship apps with known vulnerabilities in their production dependencies. I would love to use
npm audit for that since nsp is gone.
This is not possible for now since
npm audit scans dev dependencies as well as production dependencies and the options
--only are only available for
npm audit fix.
So it would be totally awesome to have
--only also for
Would you accept a pull request for that? I’m not sure if I’m able to implement that feature, but I would love to check the source code.
Edit: This is a duplicate. Sorry
There’s a PR for that already:
I didn’t include changes to filter the report as well (I think that’d go in a different PR & repo anyway) because
--audit-level doesn’t on my end, which I think is what’s blocking the merge at the moment.
Opps. Thank you very much.
No problem, sorry if I seemed harsh.
sorry if I seemed harsh.
Not at all