npm Community Forum (Archive)

Local run of npm audit with previously-downloaded binaries

My company has security gates in place that prevent most outside-looking scripts from working at build time. We run node-sass, for example, by downloading binaries through an approved process, and then requiring those binaries at build time instead of using the default step of allowing node-sass to call out for that information.

Do you think it would be possible for npm audit to run in a similar fashion? (Or, looking forward, tink audit?) We download something large every two weeks, say, and npm audit refers to that download. If possible, how would you recommend building it (high-level sketch)? Thank you very much!