npm audit only for production dependencies?

Currently, when running npm audit in a project, it checks both the dependencies and the devDependencies. I am looking for a way to only check the dependencies. Is there currently a way to do so?

Solution:

Support for --production flag was released in npm 6.10.0

https://github.com/npm/cli/pull/202

npm audit --production

The --omit flag was added in npm 7.x and is now preferred.

https://docs.npmjs.com/cli/v8/commands/npm-audit/#omit

npm audit --omit=dev

You should use --omit=dev rather than --production according to warnings on more recent npm versions:

$ npm audit --production
npm WARN config production Use `--omit=dev` instead.

It seems to be deprecated as of npm v8.7.0. I wasn’t able to confirm, but this PR seems the most relevant from my research: https://github.com/npm/cli/pull/4744

Looking into the PR’s description, it’s possible you should be specifying --omit peer as well.
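For a CI job that has to run across several npm versions, the flag can be chosen from the installed version. This is an added example, not code from the original answers or from npm; `audit_flag_for` and `run_prod_audit` are hypothetical helper names, and it assumes every npm 7.x release accepts `--omit=dev`.

```shell
#!/bin/sh
# Added example: pick the flag that limits `npm audit` to production
# dependencies. Thresholds are the ones stated in the answers above:
# --production from npm 6.10.0, --omit=dev from npm 7.x (assumed: all of 7.x).

# audit_flag_for VERSION  (hypothetical helper)
# Prints the flag for that npm version.
# Returns 1 if the version predates 6.10.0, 2 if it cannot be parsed.
audit_flag_for() {
    ver=${1%%-*}            # drop a pre-release suffix such as "-beta.1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac

    if [ "$major" -ge 7 ]; then
        echo "--omit=dev"
    elif [ "$major" -eq 6 ] && [ "$minor" -ge 10 ]; then
        echo "--production"
    else
        return 1            # no flag available: audit would include devDependencies
    fi
}

# run_prod_audit  (hypothetical helper)
# Fails closed: if no suitable flag exists, it does not fall back to a full audit
# that could be mistaken for a production-only result.
run_prod_audit() {
    flag=$(audit_flag_for "$(npm --version)") || {
        echo "npm is older than 6.10.0 or its version could not be read" >&2
        return 1
    }
    npm audit "$flag"
}
```

Call `run_prod_audit` from the pipeline step; its exit status is that of `npm audit`, so a non-zero result still fails the build.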
