Since devDependencies don’t make it into live production anyways, having vulnerabilities there is much less impactful than having vulnerabilities in live packages. It would be greatly helpful if I could filter out the devDependency vulnerabilities to see if a critical update is needed for a live package.
Please provide a flag to skip auditing devDependencies:
npm audit --prod
Also, please provide a flag to ignore a specific package:
npm audit --ignore package_to_ignore
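
The filtering requested above can be approximated by post-processing the audit report. The following is an added example, not part of the original post and not npm's own code. It assumes the `npm audit --json` report shape with `auditReportVersion: 2` and a `package-lock.json` whose `packages` map marks dev-only entries with `dev: true`; `filterAudit`, `worstSeverity` and the sample package names are hypothetical and the sample data is constructed.

```javascript
// Added example: filter an `npm audit --json` report (auditReportVersion 2)
// with the dev flags from package-lock.json (lockfileVersion 2 or 3).
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Keep vulnerabilities that touch at least one non-dev install path and
// whose package name is not on the ignore list.
function filterAudit(report, lockfile, ignore = []) {
  const packages = lockfile.packages || {};
  const ignored = new Set(ignore);
  const kept = [];
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    if (ignored.has(name)) continue;
    const nodes = vuln.nodes || [];
    // Only entries flagged `dev: true` are dev-only; `devOptional` entries and
    // paths missing from the lockfile are kept so the filter fails closed.
    const prodNodes = nodes.filter((p) => !(packages[p] && packages[p].dev === true));
    if (nodes.length === 0 || prodNodes.length > 0) {
      kept.push({ name, severity: vuln.severity, nodes: prodNodes });
    }
  }
  return kept;
}

// Highest severity among the kept findings, or null when nothing remains.
function worstSeverity(findings) {
  let worst = -1;
  for (const f of findings) worst = Math.max(worst, SEVERITY_ORDER.indexOf(f.severity));
  return worst >= 0 ? SEVERITY_ORDER[worst] : null;
}

// Constructed sample data (hypothetical package names), not real advisories.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/web-lib": { version: "1.0.0" },
  "node_modules/test-runner": { version: "2.0.0", dev: true },
  "node_modules/shared-util": { version: "0.3.0" },
  "node_modules/test-runner/node_modules/shared-util": { version: "0.1.0", dev: true },
} };
const sampleReport = { auditReportVersion: 2, vulnerabilities: {
  "web-lib": { severity: "critical", nodes: ["node_modules/web-lib"] },
  "test-runner": { severity: "high", nodes: ["node_modules/test-runner"] },
  "shared-util": { severity: "moderate", nodes: ["node_modules/shared-util",
    "node_modules/test-runner/node_modules/shared-util"] },
} };

console.log(filterAudit(sampleReport, sampleLock, ["shared-util"]));
```

A package installed both as a production and as a dev dependency is kept, with only its production install paths listed.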