node.jsnpmnode-modulesnpm-install.npmrc
.npmrc removes vulnerable packages statement during npm install
If I remove the .npmrc file and do "npm install", it shows me the found vulnerabilities.
When I include my .npmrc file has only the registry url and do "npm install", i can't see the vulnerable packages. Maybe I am missing any config in the file that has to be there. I tried several configs yet cannot see the vulnerable packages.
Without .npmrc file: -
With .npmrc file: -
My .npmrc file which I added is only one liner: -
registry = <my_registry_url>
I'd like to know what am I missing.
Solution
The other registry doesn't support the audit endpoint, so npm doesn't know how to ask it to audit your package selection.
If you say npm i --verbose ..., you'll notice it doing
npm http fetch POST 200 https://registry.npmjs.org/-/npm/v1/security/advisories/bulk 234ms
npm timing auditReport:getReport Completed in 236ms
- This module is declared with using 'export =', and can only be used with a default import when using the 'esModuleInterop' flag
- How can you make a node server running on WSL2 forward over LAN so that it can be accessed by a phone?
- How to limit bucket upload size in Backblaze B2 (S3 COMPATIBLE API)?
- Is there really a way to send payment to another stripe account user?
- Blocked by CORS policy despite domain name present in server side file
- ts-node and ESM: unknown file extension '.ts'
- EJS Rendering Error: "allChats is not defined" Despite Data in MongoDB
- AWS Cloudwatch Alarm Issue
- OAuth 2.0 Single Client Configuration for Web and Mobile Applications
- sequelize error: missing index for constraint
- updating firestore document multiple times from event trigger function overwrites or stops updating after few triggers
- throws an error while running my custom rules in ESlint 1:1 error Definition for rule 'D:/Sports/eslint-rules/no-log.js' was not found
- Python analog code for crypto npm package (ENCODE/DECODE)
- Getting undefined for file upload in node js using multer
- Sequelize select * where attribute is NOT x
- Error: secretOrPrivateKey must have a value
- Can't run my Node.js Typescript project TypeError [ERR_UNKNOWN_FILE_EXTENSION]: Unknown file extension ".ts" for /app/src/App.ts
- Error: Cannot find module 'next' in Docker / Next 14 / Node 20 / React 18
- Retrieve last inserted id with Mysql
- Accessing Firestore via Cloud Function
- React, Node.js, jwt Login process. I can't stay the state with accessToken
- How to publish a website made by Node.js to Github Pages?
- Uncaught Error: Invalid date: 21/01/2023 in react using DateTIme Picker
- When should I use (or not use) the keepAlive option of the Node.js http Agent?
- Access variable from NPM outside of NPM internal function
- Getting CAN_NOT_GET_GATEWAY_SERVER exception on joining a call
- How to resolve the "cannot find module ./response" error in Node.js Express?
- How do I determine the current operating system with Node.js
- Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only file and data URLs are supported by the default ESM loader - Vue 3
- I'm getting and unhandled promise rejection that I need correct syntax for in nodejs