Commit

doc: add --audit-level param
implementation added in #31
ngraef authored and isaacs committed Jun 29, 2019
1 parent 5a3c008 commit 0cd8df1
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions doc/cli/npm-audit.md
@@ -3,8 +3,10 @@ npm-audit(1) -- Run a security audit

## SYNOPSIS

npm audit [--json|--parseable]
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
npm audit fix [--force|--package-lock-only|--dry-run]

common options: [--production] [--only=(dev|prod)]

## EXAMPLES

@@ -60,6 +62,11 @@ To parse columns, you can use for example `awk`, and just print some of them:
$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
```

Fail an audit only if the results include a vulnerability with a level of moderate or higher:
```
$ npm audit --audit-level=moderate
```

## DESCRIPTION

The audit command submits a description of the dependencies configured in
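Review bot: "Fail an audit" in the new example sentence does not say what failing means, and a reader skimming EXAMPLES may take `--audit-level=moderate` for a report filter. Suggest wording it in terms of the exit status, matching the DESCRIPTION paragraph added in this commit, for example "Exit with a non-zero code only if the results include a vulnerability with a level of moderate or higher". It would also help to state the severity order (low, moderate, high, critical, as listed in the SYNOPSIS) so "or higher" is unambiguous.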
@@ -75,6 +82,12 @@ runs a full-fledged `npm install` under the hood, all configs that apply to the
installer will also apply to `npm install` -- so things like `npm audit fix
--package-lock-only` will work as expected.

By default, the audit command will exit with a non-zero code if any vulnerability
is found. It may be useful in CI environments to include the `--audit-level` parameter
to specify the minimum vulnerability level that will cause the command to fail. This
option does not filter the report output, it simply changes the command's failure
threshold.

## CONTENT SUBMITTED

* npm_version
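Review bot: The new paragraph says the default is to exit non-zero "if any vulnerability is found" but never names which `--audit-level` value corresponds to that default, so a CI author cannot tell whether `--audit-level=low` is equivalent to omitting the flag. Suggest stating the default level explicitly. The paragraph also follows directly after the text about `npm audit fix` and installer configs, so it is worth saying whether the threshold applies to `npm audit` only or to `npm audit fix` as well. Minor: "does not filter the report output, it simply changes" is a comma splice; a semicolon or a sentence break would read better.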