NPM configuration to skip vulnerabilities audit for devDependencies on install

Question

Is it possible to configure npm to skip audit of vulnerabilities for devDependencies when running command npm install?

Nour Edin Al-Habal · Answer 1 · 2022-10-27T08:12:25.907

15

You can skip auditing at all by adding the --no-audit flag.

npm install --no-audit

If you want this to apply to devDependencies only, you can run it this way:

npm install --no-audit --only=dev

If you want this to apply to production dependencies only, you can run it this way:

npm install --no-audit --only=prod

edited Oct 27 '22 at 08:12

answered May 09 '22 at 14:31

score 5 · Answer 2 · edited Jun 27 '23 at 10:08

5

Since this is a first result when you try to google for a way to disable audit, let's post a more convenient solution for more general case.

You can skip auditing altogether by using npm config:

npm config set audit false

And to reduce pesky noise even more:

npm config set fund false

edited Jun 27 '23 at 10:08

Joris Schellekens

answered Jun 27 '23 at 09:53

garkin

score 0 · Answer 3 · answered Jul 14 '23 at 10:20

0

npm install --disableNodeJS --nodeAuditSkipDevDependencies

answered Jul 14 '23 at 10:20

user2579720

score -1 · Answer 4 · edited Mar 04 '22 at 19:21

-1

You can simply just use the command

npm audit --prod

And to ignore a particular package use

npm audit --ignore packageName

To know more about it you can visit this link - https://github.com/npm/npm/issues/20564.

edited Mar 04 '22 at 19:21

Dharman

answered Mar 04 '22 at 19:15

Marshal

Thank you, I know about `npm audit --prod`. I was asking if there is a global npm configuration available to skip dev dependencies auditing on `npm install`. – revy Mar 05 '22 at 08:52

4 Answers4