W3cubDocs

/npm

About audit reports

Skip to content
npm Docs
npmjs.comStatusSupport
About npm
Getting started
Packages and modules
Introduction to packages and modules
Contributing packages to the registry
Updating and managing your published packages
Getting packages from the registry
Securing your code
About audit reportsAuditing package dependencies for security vulnerabilitiesAbout ECDSA registry signaturesVerifying ECDSA registry signaturesAbout PGP registry signatures (deprecated)Verifying PGP registry signatures (deprecated)Requiring 2FA for package publishing and settings modificationReporting malware in an npm package
Integrations
Organizations
Policies
Threats and Mitigations
npm CLI
Table of contents

About audit reports

Audit reports contain tables of information about security vulnerabilities in your project's dependencies to help you fix the vulnerability or troubleshoot further.

Screenshot showing command-line audit report results

Vulnerability table fields

Severity

The severity of the vulnerability, determined by the impact and exploitability of the vulnerability in its most common use case.

Severity Recommended action
Critical Address immediately
High Address as quickly as possible
Moderate Address as time allows
Low Address at your discretion

Description

The description of the vulnerability. For example, "Denial of service".

Package

The name of the package that contains the vulnerability.

Patched in

The semantic version range that describes which versions contain a fix for the vulnerability.

Dependency of

The module that the package with the vulnerability depends on.

Path

The path to the code that contains the vulnerability.

More info

A link to the security report.

Edit this page on GitHub

© npm, Inc. and Contributors
Licensed under the npm License.
npm is a trademark of npm, Inc.
https://docs.npmjs.com/about-audit-reports