npm 审计仅针对生产依赖项?
[英]npm audit only for production dependencies?
问题描述
Currently, when running npm audit in a project, it checks both the dependencies and the devDependencies .
目前,在项目中运行npm audit时,它会检查dependencies项和devDependencies 。 I am looking for a way to only check the dependencies .我正在寻找一种仅检查dependencies的方法。 Is there currently a way to do so?目前有没有办法做到这一点?
2 个解决方案
解决方案1
48 已采纳 2020-01-17 01:29:20
Support for --production flag was released in npm 6.10.0 npm 6.10.0 中发布了对--production标志的支持
https://github.com/npm/cli/pull/202 https://github.com/npm/cli/pull/202
npm audit --production
The --omit flag was added in npm 7.x and is now preferred.在 npm 7.x 中添加了--omit标志,现在是首选标志。
https://docs.npmjs.com/cli/v8/commands/npm-audit/#omit https://docs.npmjs.com/cli/v8/commands/npm-audit/#omit
npm audit --omit=dev
解决方案2
2 2022-07-02 17:52:13
You should use --omit=dev rather than --production according to warnings on more recent npm versions:根据最新npm版本的警告,您应该使用--omit=dev而不是--production :
$ npm audit --production
npm WARN config production Use `--omit=dev` instead.
It seems to be deprecated as of npm v8.7.0 .从npm v8.7.0 ,它似乎已被弃用。 I wasn't able to confirm, but this PR seems the most relevant from my research: https://github.com/npm/cli/pull/4744我无法确认,但这个 PR 似乎与我的研究最相关: https://github.com/npm/cli/pull/4744
Looking into the PR's description, it's possible you should be specifying --omit peer as well.查看 PR 的描述,您可能也应该指定--omit peer 。
解决方案3
-3 2018-11-21 15:52:13
在此之前,您可以使用此命令(linux):
npm audit --parseable | grep -v " --save-dev"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.