This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 3 changed files with 56 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
npm-audit(1) -- Run a security audit | ||
==================================== | ||
|
||
## SYNOPSIS | ||
|
||
npm audit | ||
|
||
## DESCRIPTION | ||
|
||
The audit command submits a description of the dependencies configured in | ||
your project to your default registry and asks for a report of known | ||
vulnerabilities. The report returned includes instructions on how to act on | ||
this information. | ||
|
||
## CONTENT SUBMITTED | ||
|
||
* npm_version | ||
* node_version | ||
* platform | ||
* node_env | ||
* A scrubbed version of your package-lock.json or npm-shrinkwrap.json | ||
|
||
### SCRUBBING | ||
|
||
In order to ensure that potentially sensitive information is not included in | ||
the audit data bundle, some dependencies may have their names (and sometimes | ||
versions) replaced with opaque non-reversible identifiers. It is done for | ||
the following dependency types: | ||
|
||
* Any module referencing a scope that is configured for a non-default | ||
registry has its name scrubbed. (That is, a scope you did a `npm login --scope=@ourscope` for.) | ||
* All git dependencies have their names and specifiers scrubbed. | ||
* All remote tarball dependencies have their names and specifiers scrubbed. | ||
* All local directory and tarball dependencies have their names and specifiers scrubbed. | ||
|
||
The non-reversible identifiers are a sha256 of a session-specific UUID and the | ||
value being replaced, ensuring a consistent value within the payload that is | ||
different between runs. | ||
|
||
## SEE ALSO | ||
|
||
* npm-install(1) | ||
* config(7) |
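Review bot: The SCRUBBING section is inconsistent about which fields are replaced: the intro says names "(and sometimes versions)", the last three bullets say "names and specifiers", and the scoped-registry bullet mentions only the name, so a reader cannot tell whether the version of a private scoped package is still submitted. Suggest using one term throughout and stating for each bullet exactly which fields are replaced. The closing paragraph calls the identifiers "non-reversible", but that property depends on the session-specific UUID not being part of the submitted payload, which the text never states; please say whether the UUID is sent, and how the UUID and the value are combined before hashing. In CONTENT SUBMITTED, it would also help to say what `node_env` contains and to note that the bundle goes to the default registry (per DESCRIPTION) even when some scopes are configured for another registry, since that is what someone deciding whether to run the command on a private project needs to know.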