
npm audit

pilot376 2020. 6. 23. 13:50

When you install a package with npm install and a vulnerability is found, npm prints a message like the one below.

+ stylelint@12.0.0
added 207 packages from 138 contributors and audited 1052 packages in 21.341s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

Use the npm audit command to see the details of the vulnerability, and the npm audit fix command to fix it.

$ npm audit

                       === npm audit security report ===                        

# Run  npm install --save-dev stylelint@13.6.1  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Prototype Pollution                                           

  Package         yargs-parser                                                  

  Dependency of   stylelint [dev]                                               

  Path            stylelint > meow > yargs-parser                               

  More info       https://npmjs.com/advisories/1500                             

found 1 low severity vulnerability in 1052 scanned packages
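  1 vulnerability requires semver-major dependency updates.

Sometimes running npm audit fix does not resolve the vulnerability. In the output below, the only available fix is a breaking (semver-major) update, which npm audit fix does not install on its own.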

$ npm audit fix

up to date in 8.669s
fixed 0 of 1 vulnerability in 1052 scanned packages
  1 package update for 1 vulnerability involved breaking changes
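  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

In that case, either force the update with npm audit fix --force, or follow the fix described in the npm audit output. Because --force installs the breaking change (here stylelint 12.0.0 to 13.6.1), check that the project still works after the upgrade.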

$ npm audit fix --force

+ stylelint@13.6.1
added 26 packages from 14 contributors, removed 19 packages and updated 33 packages in 18.901s
fixed 1 of 1 vulnerability in 1052 scanned packages
  1 package update for 1 vulnerability involved breaking changes
  (installed due to `--force` option)
$ npm audit

                       === npm audit security report ===                        

# Run  npm install --save-dev stylelint@13.6.1  to resolve 1 vulnerability
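
The failed npm audit fix above comes down to one flag in the report: the only available fix is a semver-major upgrade. As an added example (not from the original post), the JavaScript below sorts the actions of an npm 6 `npm audit --json` report into fixes that apply cleanly, fixes that need --force, and findings with no automatic fix. The sample report is constructed from the output shown in this post, `classifyFixes` is a hypothetical helper name, and npm 7 and later emit a different JSON layout.

```javascript
// Added example: sort npm 6 `npm audit --json` actions by how they can be fixed.
// SAMPLE_REPORT is constructed from the report shown in this post (not captured output).
const SAMPLE_REPORT = {
  actions: [{
    action: 'install', module: 'stylelint', target: '13.6.1', isMajor: true,
    resolves: [{ id: 1500, path: 'stylelint>meow>yargs-parser', dev: true }],
  }],
  advisories: {
    1500: { module_name: 'yargs-parser', severity: 'low',
            title: 'Prototype Pollution', url: 'https://npmjs.com/advisories/1500' },
  },
};

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Highest known severity among the findings one action resolves.
function maxSeverity(findings) {
  return findings.reduce((max, f) =>
    SEVERITY_ORDER.indexOf(f.severity) > SEVERITY_ORDER.indexOf(max) ? f.severity : max,
  'info');
}

// classifyFixes (hypothetical helper) returns three lists:
//   safe     - applied by plain `npm audit fix`
//   breaking - semver-major, only installed with `--force` or a manual install
//   manual   - "review" actions with no automatic fix
function classifyFixes(report) {
  const plan = { safe: [], breaking: [], manual: [] };
  const advisories = report.advisories || {};
  for (const act of report.actions || []) {
    const findings = (act.resolves || []).map((r) => {
      const adv = advisories[r.id] || {};
      return { id: r.id, path: r.path, dev: Boolean(r.dev), package: adv.module_name,
               severity: adv.severity || 'unknown', title: adv.title, url: adv.url };
    });
    const entry = {
      upgrade: act.target ? `${act.module}@${act.target}` : act.module,
      devOnly: findings.length > 0 && findings.every((f) => f.dev),
      maxSeverity: maxSeverity(findings),
      findings,
    };
    if (act.action === 'review') plan.manual.push(entry);
    else if (act.isMajor) plan.breaking.push(entry);
    else plan.safe.push(entry);
  }
  return plan;
}

console.log(JSON.stringify(classifyFixes(SAMPLE_REPORT), null, 2));
```

To use it on a real project, pass it the parsed output of `npm audit --json` from npm 6 in place of the sample report; anything in the breaking list deserves a changelog read before --force.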