npm audit production only?

(Xiaoyu Zhou) #1

I’m trying to add an audit process as part of our Travis automation build, and since our project is in beta now I couldn’t care less about the vulnerabilities in the dev dependencies, in our particular case: gulp and night-watch-html-reporter. I was hoping that if I do npm audit --production --only-prod it will not fail the script if no vulnerability is found in the production dependencies; however, it looks like the audit command ignores it unless I’m using the fix flag.

How should I handle this to generate the scan, log, and also pass the Travis build?

npm audit (without --fix) ignores --only=prod