Run a security audit


npm audit 


The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. The report returned includes instructions on how to act on this information.



In order to ensure that potentially sensitive information is not included in the audit data bundle, some dependencies may have their names (and sometimes versions) replaced with opaque non-reversible identifiers. It is done for the following dependency types:

The non-reversible identifiers are a sha256 of a session-specific UUID and the value being replaced, ensuring a consistent value within the payload that is different between runs.

See Also

Last modified October 26, 1985           Found a typo? Send a pull request!

npm Services

Getting started

Private packages


Using npm

CLI commands

Configuring npm

View All On One Page