Bondolin

Reputation: 3121

Where do NPM audit warnings come from?

From what I can glean from the docs,

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.

So there is an NPM registry out there, I assume the same one from which I am going to get packages with npm install, and along with the packages it contains security audit warnings. If so, how does one register these warnings?

Upvotes: 1

Views: 319

Answers (1)

jonrsharpe

Reputation: 122137

The default repository for NPM installs is https://www.npmjs.com. They have a security policy, along with a specific guide to reporting that states:

If you find a security vulnerability in an npm package (either yours or someone else’s), you can report it to the npm Security team to help keep the Javascript ecosystem safe.

...

  1. On the package page, click Report a vulnerability.

Upvotes: 2
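The docs sentence quoted in the question says the audit command submits a description of the project's dependencies to the registry. As an added example (not npm's own code and not part of the original posts), the following derives such a description from a lockfile so you can see what leaves the machine. The name-to-versions request shape is an assumption based on how recent npm CLI versions query the registry's bulk advisory endpoint; `sampleLock`, `buildAuditPayload` and `summarize` are hypothetical names, and the lockfile is constructed.

```javascript
'use strict';

// Constructed sample: a trimmed package-lock.json (lockfileVersion 3).
const sampleLock = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.20' },
    'node_modules/@scope/util': { version: '2.1.0' },
    'node_modules/@scope/util/node_modules/lodash': { version: '3.10.1' },
    'node_modules/left-pad': { version: '1.3.0', dev: true },
    'node_modules/local-tool': { resolved: 'tools/local-tool', link: true },
    'tools/local-tool': { name: 'local-tool', version: '0.0.1' },
  },
};

// Build the name -> [versions] map that describes the installed tree.
// Assumption: this mirrors the body recent npm CLI versions send to the
// registry's bulk advisory endpoint; only names and versions are included.
function buildAuditPayload(lock) {
  const marker = 'node_modules/';
  const payload = {};
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    // Skip the root project, workspace folders and symlinked entries.
    if (idx === -1 || entry.link || !entry.version) continue;
    // An explicit "name" wins (aliased installs); otherwise use the path tail.
    const name = entry.name || path.slice(idx + marker.length);
    const versions = (payload[name] = payload[name] || []);
    if (!versions.includes(entry.version)) versions.push(entry.version);
  }
  // Plain string sort, used only to keep the output stable.
  for (const name of Object.keys(payload)) payload[name].sort();
  return payload;
}

// Everything the registry learns about the project from this request.
function summarize(lock) {
  const payload = buildAuditPayload(lock);
  return Object.keys(payload).sort().map((n) => `${n}@${payload[n].join(',')}`);
}

console.log(summarize(sampleLock));
```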
