npm audit fix — resolve security vulnerabilities
Quick Answer
# Show all vulnerabilities
npm audit
# Auto-fix compatible updates
npm audit fix
# Fix including breaking (major version) changes
npm audit fix --force
Usage
npm audit reports known security vulnerabilities in your dependencies.
Other causes & fixes
Audit output explained
npm audit
# Severity levels: critical, high, moderate, low, info
#
# ┌─────────────────────────────────────────────────────────────┐
# │ === npm audit === │
# │ found 3 vulnerabilities (1 moderate, 2 high) │
# └─────────────────────────────────────────────────────────────┘
Audit only prod dependencies
npm audit --omit=dev
Manually fix a specific vulnerable package
# Upgrade a specific package
npm install lodash@latest
# Or pin to a patched version
npm install lodash@4.17.21
Get JSON output for CI
npm audit --json | jq '.metadata.vulnerabilities'
# {"info": 0, "low": 0, "moderate": 1, "high": 2, "critical": 0, "total": 3}
# Fail CI on high+ severity
npm audit --audit-level=high
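The `--audit-level` gate above only gives pass or fail; the script below is an added example (not from npm or this page's author) that sorts a parsed `npm audit --json` report into findings that plain `npm audit fix` resolves, findings that need `--force`, and findings with no fix. It assumes the npm 7+ report layout, and the sample report and all `example-*` package names are constructed.

```javascript
// Added example; the report shape (vulnerabilities.*.severity, .isDirect,
// .fixAvailable) is assumed to be the npm 7+ `npm audit --json` layout.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Group findings at or above minLevel by the remediation the report suggests.
function triage(report, minLevel = 'high') {
  const floor = LEVELS.indexOf(minLevel);
  if (floor === -1) throw new Error(`unknown audit level: ${minLevel}`);
  const out = { fix: [], force: [], manual: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const rank = LEVELS.indexOf(v.severity);
    // An unrecognised severity is kept rather than skipped, so the gate fails closed.
    if (rank !== -1 && rank < floor) continue;
    const entry = { name, severity: v.severity, direct: Boolean(v.isDirect) };
    const fa = v.fixAvailable;
    if (fa === true) {
      out.fix.push(entry); // resolved by plain `npm audit fix`
    } else if (fa && typeof fa === 'object') {
      // The fix installs another version of a top-level dependency (`--force`).
      out.force.push({ ...entry, installs: `${fa.name}@${fa.version}`,
        breaking: Boolean(fa.isSemVerMajor) });
    } else {
      out.manual.push(entry); // no fix available in the report
    }
  }
  return out;
}

// CI decision: block while anything at or above the threshold remains.
function gateFails(t) {
  return t.fix.length + t.force.length + t.manual.length > 0;
}

// Constructed sample report; every "example-*" package is hypothetical.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: { severity: 'high', isDirect: true, fixAvailable: true },
    'example-parser': { severity: 'critical', isDirect: false,
      fixAvailable: { name: 'example-framework', version: '3.0.0', isSemVerMajor: true } },
    'example-legacy': { severity: 'moderate', isDirect: true, fixAvailable: false },
    'example-abandoned': { severity: 'high', isDirect: false, fixAvailable: false },
  },
};

console.log(JSON.stringify(triage(SAMPLE, 'high'), null, 2));
```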