CommandCross-platform

Shadow Audit

Scan npm Dependencies for Known Vulnerabilities

Analyzes your project's npm dependencies for known security vulnerabilities and outputs a clean summary of affected packages and their severity levels.

Primary Scroll

npm audit --json | jq '.vulnerabilities | to_entries[] | {name: .key, severity: .value.severity}'

Simple Audit (no jq)

npm audit

Usage Notes

•npm audit fix attempts to auto-fix vulnerabilities
•npm audit fix --force fixes even with breaking changes
•--audit-level=high only reports high/critical issues
•Run in CI/CD pipelines to catch vulnerabilities early
•For yarn, use yarn audit instead

Warnings

Warning:--force may introduce breaking changes - test thoroughly
Warning:Some vulnerabilities may require manual intervention or package replacement

Related Scroll Ideas

• Audit Python dependencies with pip-audit
• Scan Docker images for vulnerabilities
• Check for outdated dependencies

← Back to Developer Scrolls