What is npm audit fix???

Ashish Patel, Codebrace
Jul 10, 2018

npm audit is a new feature introduced with npm@6. It lists every known vulnerability in your dependency tree (peerDependencies excluded).

You can disable the audit warning for a single package installation with the ‘--no-audit’ flag.

Why do we need this?

If you have used GitHub for a long-running project, you may have seen something like this:

hoek@2.16.3 had a serious security vulnerability, which was resolved in hoek@4.2.1 and later.

This is a classic example of where npm audit fix can be used effectively.

Step 1 — find where this dependency is used

We can use npm ls hoek here to find out where this dependency is used.

Now that we know where this dependency is used, we have to fix it.

Step 2 — find and update the parent

We just need to update the parent package that pulls in the vulnerable hoek version; updating the parent resolves the problem.

This is what npm audit fix does for us automatically. Watch the following video for more insight, or read the official blog post from npmjs.
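As an added example (not from the original post), here is a small Node.js script that does by hand what the two steps above describe: it walks an npm@6 package-lock.json (lockfileVersion 1) and reports which top-level parent pulls in a copy of hoek older than 4.2.1. The lock file contents, including the boom and joi packages and their versions, are constructed for illustration.

```javascript
// Constructed npm@6 (lockfileVersion 1) lock file. The top-level hoek is already
// 4.2.1, but "boom" requires hoek 2.x, so a vulnerable copy is nested under it.
const LOCK = {
  lockfileVersion: 1,
  dependencies: {
    boom: {
      version: "2.10.1",
      requires: { hoek: "2.x.x" },
      dependencies: { hoek: { version: "2.16.3" } }
    },
    hoek: { version: "4.2.1" },
    joi: { version: "13.0.0", requires: { hoek: "4.x.x" } }
  }
};

// Minimal "x.y.z" comparison (no pre-release handling, which the lock above doesn't need).
function lessThan(version, bound) {
  const a = version.split(".").map(Number);
  const b = bound.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false; // equal versions are not "less than"
}

// Step 1 equivalent of `npm ls <name>`: every "parent@ver > child@ver" path that
// ends at a copy of `name` whose version is below `fixedIn`.
function findVulnerablePaths(lock, name, fixedIn) {
  const hits = [];
  function walk(deps, trail) {
    for (const [depName, entry] of Object.entries(deps || {})) {
      const path = [...trail, `${depName}@${entry.version}`];
      if (depName === name && lessThan(entry.version, fixedIn)) hits.push(path.join(" > "));
      walk(entry.dependencies, path); // nested (non-hoisted) copies live here
    }
  }
  walk(lock.dependencies, []);
  return hits;
}

// Step 2: the top-level package at the start of each path is the one to update.
// A vulnerable copy at the root means it is a direct dependency of package.json.
function parentsToUpdate(lock, name, fixedIn) {
  const parents = findVulnerablePaths(lock, name, fixedIn)
    .map((p) => p.split(" > ")[0].replace(/@[^@]+$/, "")) // strip "@version"
    .map((top) => (top === name ? "(direct dependency in package.json)" : top));
  return [...new Set(parents)];
}

console.log(findVulnerablePaths(LOCK, "hoek", "4.2.1"));
console.log("update:", parentsToUpdate(LOCK, "hoek", "4.2.1"));
```

Pointing the same walk at a real package-lock.json (after JSON.parse of the file) shows which parent npm audit fix would need to bump; if the parent has no release that drops the old hoek range, the fix is not automatic and the parent itself has to be replaced or patched.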

Finding vulnerabilities with npm audit

Thank you all for reading; please follow Codebrace.

#codebrace

Ashish Patel (Codebrace): Big Data Engineer at Skyscanner, loves competitive programming and Big Data.