npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Duplicate: Enable `--production` and `--only` for `npm audit`

Hej there,

we used to use nsp check to make sure we don’t ship apps with known vulnerabilities in their production dependencies. I would love to use npm audit for that since nsp is gone.

This is not possible for now since npm audit scans dev dependencies as well as production dependencies and the options --production and --only are only available for npm audit fix.

So it would be totally awesome to have --production and --only also for npm audit.

Would you accept a pull request for that? I’m not sure if I’m able to implement that feature, but I would love to check the source code.

Cheers, Michael

Edit: This is a duplicate. Sorry :see_no_evil:

There’s a PR for that already:

I didn’t include changes to filter the report as well (I think that’d go in a different PR & repo anyway) because --audit-level doesn’t on my end, which I think is what’s blocking the merge at the moment.

Opps. Thank you very much.

No problem, sorry if I seemed harsh.


sorry if I seemed harsh.

Not at all :kissing_heart: