Cek untuk masalah keamanan yang diketahui dengan paket-paket yang telah terpasang.

If security issues are found, try to update your dependencies viapnpm update.If a simple update does not fix all the issues, useoverrides to forceversions that are not vulnerable. For instance, iflodash@<2.1.0 is vulnerable,use this overrides to forcelodash@^2.1.0:

{
"pnpm":{
"overrides":{
"lodash@<2.1.0":"^2.1.0"
}
}
}

Or alternatively, runpnpm audit --fix.

If you want to tolerate some vulnerabilities as they don't affect your project, you may use thepnpm.auditConfig.ignoreCves setting.

Pengaturan​

--audit-level <severity>​

• Type:low,moderate,high,critical
• Default:low

Only print advisories with severity greater than or equal to<severity>.

--fix​

Add overrides to thepackage.json file in order to force non-vulnerable versions of the dependencies.

--json​

Keluarkan laporan audit dalam format JSON.

--dev, -D​

Hanya audit dependensi dev.

--prod, -P​

Hanya audit dependensi production.

--no-optional​

Don't auditoptionalDependencies.

--ignore-registry-errors​

Jika registri merespons dengan kode status non-200, proses harus keluar dengan 0.Jadi prosesnya akan gagal hanya jika registri benar-benar berhasil merespons dengan kerentanan yang ditemukan.