Vany Diah P

Reputation: 643

Not modify package.json when doing npm audit fix

I've updated my npm version, and I think npm audit is a new feature. When I run npm audit fix, some of my package versions are changed in package.json. I just want to keep the packages the same as my coworkers'.

Upvotes: 17

Views: 15384

Answers (3)

Baibhav Vishal

Reputation: 89

The answer to the original question is already given by tzachs above.

More explanation for npm audit:

  1. Doesn't update all packages, only vulnerable ones.
  2. Doesn't update package.json.
  3. Has some bugs.

Other options for updating npm packages

I prefer the npm package ncu. In a fully functional project with test cases written, this works wonders.

Once ncu is installed, simply run ncu --doctor -u to update packages.

  1. It updates npm packages to latest stable ones.
  2. It runs test cases each time it updates a package, to report any breakage.

Upvotes: 2

tzachs

Reputation: 5029

To answer the original question, if you really want to skip auditing completely when installing (for whatever reason; in my case I wanted to troubleshoot an exception when installing), you can use the --no-audit flag:

npm install --no-audit

Upvotes: 38

parag patel

Reputation: 3291

npm audit fix is not a must to get your app up and running. I use this command when I want to make sure that there is no potential security vulnerability, so that GitHub won't have any objection against my project. In case you still want to use audit fix without changing the rest of the files, try these commands:

Run audit fix without modifying node_modules, but still updating the pkglock:

$ npm audit fix --package-lock-only

Skip updating devDependencies:

$ npm audit fix --only=prod

Do a dry run to get an idea of what audit fix will do, and also output install information in JSON format:

$ npm audit fix --dry-run --json

Check out this link for your future reference: https://docs.npmjs.com/cli/audit

Upvotes: 6
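
A check for the concern in the question, as an added example that is not part of any answer above: given the text of package.json saved before and after an npm audit fix run, it lists every declared dependency range that was added, removed or rewritten. The function name diffManifestRanges, the package names and the version values are constructed for illustration.

```javascript
// Dependency sections of package.json whose declared ranges can be rewritten.
const SECTIONS = ["dependencies", "devDependencies",
                  "optionalDependencies", "peerDependencies"];

// Own-property lookup, so package names such as "constructor" are not
// confused with properties inherited from Object.prototype.
function ownValue(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : null;
}

// Compare two package.json texts and return one record per dependency whose
// declared range differs (from/to is null when the entry is absent).
function diffManifestRanges(beforeText, afterText) {
  const before = JSON.parse(beforeText);
  const after = JSON.parse(afterText);
  const changes = [];
  for (const section of SECTIONS) {
    const a = before[section] || {};
    const b = after[section] || {};
    const names = [...new Set([...Object.keys(a), ...Object.keys(b)])].sort();
    for (const name of names) {
      const from = ownValue(a, name);
      const to = ownValue(b, name);
      if (from !== to) changes.push({ section, name, from, to });
    }
  }
  return changes;
}

// Constructed sample manifests: the team pins example-lib exactly, and the
// "after" copy shows the pin replaced by a caret range.
const BEFORE = JSON.stringify({
  name: "demo-app",
  dependencies: { "example-lib": "1.2.3", "example-server": "^4.16.0" },
  devDependencies: { "example-test-runner": "^5.2.0" },
});
const AFTER = JSON.stringify({
  name: "demo-app",
  dependencies: { "example-lib": "^1.2.9", "example-server": "^4.16.0" },
  devDependencies: { "example-test-runner": "^5.2.0" },
});

for (const c of diffManifestRanges(BEFORE, AFTER)) {
  console.log(`${c.section}: ${c.name} ${c.from} -> ${c.to}`);
}
```

An empty result means the manifest's declared ranges are still identical to the copy shared with the team, so any fix landed only in the lock file.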
