npm audit only for production dependencies? –
Currently, when running
npm audit in a project, it checks both the
dependencies and the
devDependencies. I am looking for a way to only check the
dependencies. Is there currently a way to do so?
--production flag was released in npm 6.10.0
npm audit --production
--omit flag was added in npm 7.x and is now preferred.
npm audit --omit=dev
You should use
--omit=dev rather than
--production according to warnings on more recent
$ npm audit --production npm WARN config production Use `--omit=dev` instead.
It seems to be deprecated as of
v8.7.0. I wasn’t able to confirm, but this PR seems the most relevant from my research: https://github.com/npm/cli/pull/4744
Looking into the PR’s description, it’s possible you should be specifying
--omit peer as well.