npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Fail npm install when audit detects vulnerabilities

It would be useful for CI to have a flag on npm install that fails installation when vulnerabilities are detected. Ideally the severity that would trigger a failure would be configurable.

This would help protect automated builds from silently succeeding when vulnerabilities are introduced or old packages are added to the vuln list.

Strongly agree with this
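
Added example (not part of the original thread and not npm's own code): a CI gate that reads the output of `npm audit --json` on stdin and fails the build when findings at or above a configurable severity are present, as requested above. The file name `audit-gate.js`, the function names and the sample report are assumptions made for illustration.

```javascript
// audit-gate.js (hypothetical name): npm audit --json | node audit-gate.js high
// Severity levels counted in the report's metadata.vulnerabilities, low to high.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample of the counts section of an `npm audit --json` report.
const SAMPLE_REPORT = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 3, high: 1, critical: 0, total: 6 } },
});

// Return the non-zero counts at or above `threshold` from a parsed report.
function findingsAtOrAbove(report, threshold) {
  const start = LEVELS.indexOf(threshold);
  if (start === -1) throw new Error(`unknown severity: ${threshold}`);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  // Fail closed: a report without counts (registry error, changed format)
  // must not be treated as "no vulnerabilities".
  if (!counts) throw new Error('report has no metadata.vulnerabilities');
  const hits = {};
  for (const level of LEVELS.slice(start)) {
    if (counts[level] > 0) hits[level] = counts[level];
  }
  return hits;
}

// Exit code for the CI step: 0 = pass, 1 = findings at or above the threshold,
// 2 = the audit result could not be evaluated (also fails the build).
function gateExitCode(rawJson, threshold) {
  try {
    const hits = findingsAtOrAbove(JSON.parse(rawJson), threshold);
    return Object.keys(hits).length === 0 ? 0 : 1;
  } catch (err) {
    return 2;
  }
}

// Runs only when a threshold is passed on the command line.
const threshold = process.argv[2];
if (threshold) {
  let raw = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { raw += chunk; });
  process.stdin.on('end', () => {
    process.exitCode = gateExitCode(raw, threshold);
  });
}
```

Run it as a separate CI step after the install, so that an unreadable or empty audit result fails the build instead of passing silently.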