npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm audit production only?

I’m trying to add audit process as part of our travis automation build, and since our project is in beta now I’m can careless about the vulnerability in the dev dependency, in our particular case: gulp and night-watch-html-reporter. I was hoping if I do npm audit --production --only-prod it will not fail the script if no vulnerability is found in production dependency, however looks like the audit command ignores it unless Im using the fix flag.

How should I handle this to generate scan, log and also pass the travis build?