npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Remove audit reporting from systems that require accounts

I’m getting started with the audit functionality of npm. While I can see the benefits, it’s incredibly annoying to receive warnings like:

    │ High          │ Lodash Package for Node.js lodash.js safeGet() Function      │
    │               │ Object Prototype Manipulation Unspecified Issue              │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ lodash                                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Patched in    │ 4.17.12-pre                                                  │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ praxis-scripts                                               │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ praxis-scripts > @praxis/react-scripts >                     │
    │               │ http-proxy-middleware > lodash                               │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://vulndb.cyberriskanalytics.com/vulnerabilities/207591 │
    └───────────────┴──────────────────────────────────────────────────────────────┘

Where I can’t see https://vulndb.cyberriskanalytics.com/vulnerabilities/207591 without creating a cyberriskanalytics account. These topics should be viewable publicly or hosted by npm. If they’re being reported, I should not have to make an account.