npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

NPM audit - disable scrubbing

I know that “scrubbing” (replacing of names with UUIDs) is intended to be a feature and not a bug. However, for me, it causes problems. So, I’d like to deactivate it to make my life easier. Is this possible?

It’s not possible currently. What problems is it causing?

I have a script analyzing the output of NPM audit on a regular basis. As soon as a new vulnerability or a known vulnerability at a new path (i.e. I added a new dependency which is vulnerable) appears, I get a notification. I will then manually research if I’m actually vulnerable (e.g. if the dependency in question processes user input etc.). If I find out that I am NOT vulnerable I’ll tell my script to ignore that specific vulnerability at that specific path. However, since scrubbed paths are not stable, I cannot do that for scrubbed paths.