[英]npm audit only for production dependencies?
Currently, when running npm audit
in a project, it checks both the dependencies
and the devDependencies
.目前,在项目中运行
npm audit
时,它会检查dependencies
项和devDependencies
。 I am looking for a way to only check the dependencies
.我正在寻找一种仅检查
dependencies
的方法。 Is there currently a way to do so?目前有没有办法做到这一点?
Support for --production
flag was released in npm 6.10.0 npm 6.10.0 中发布了对
--production
标志的支持
https://github.com/npm/cli/pull/202 https://github.com/npm/cli/pull/202
npm audit --production
The --omit
flag was added in npm 7.x and is now preferred.在 npm 7.x 中添加了
--omit
标志,现在是首选标志。
https://docs.npmjs.com/cli/v8/commands/npm-audit/#omit https://docs.npmjs.com/cli/v8/commands/npm-audit/#omit
npm audit --omit=dev
You should use --omit=dev
rather than --production
according to warnings on more recent npm
versions:根据最新
npm
版本的警告,您应该使用--omit=dev
而不是--production
:
$ npm audit --production
npm WARN config production Use `--omit=dev` instead.
It seems to be deprecated as of npm
v8.7.0
.从
npm
v8.7.0
,它似乎已被弃用。 I wasn't able to confirm, but this PR seems the most relevant from my research: https://github.com/npm/cli/pull/4744我无法确认,但这个 PR 似乎与我的研究最相关: https://github.com/npm/cli/pull/4744
Looking into the PR's description, it's possible you should be specifying --omit peer
as well.查看 PR 的描述,您可能也应该指定
--omit peer
。
在此之前,您可以使用此命令(linux):
npm audit --parseable | grep -v " --save-dev"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.