Skip to main content

pnpm audit

Added in: 4.3.0

Checks for known security issues with the installed packages.

If security issues are found, try to update your dependencies via pnpm update. If a simple update does not fix all the issues, use overrides to force versions that are not vulnerable. For instance, if lodash@<2.1.0 is vulnerable, use this overrides to force lodash@^2.1.0:

package.json
{
"pnpm": {
"overrides": {
"lodash@<2.1.0": "^2.1.0"
}
}
}

Options#

--audit-level <severity>#

  • Type: low, moderate, high, critical
  • Default: low

Only print advisories with severity greater than or equal to <severity>.

--json#

Output audit report in JSON format.

--dev, -D#

Only audit dev dependencies.

--prod, -P#

Only audit production dependencies.

--no-optional#

Don't audit optionalDependencies.