Add docs for bun pm audit (#19885)

Co-authored-by: Alistair Smith <hi@alistair.sh>
Co-authored-by: alii <25351731+alii@users.noreply.github.com>

docs/install/audit.md

@@ -0,0 +1,37 @@
+`bun pm audit` checks your installed packages for known security vulnerabilities.
+
+Run the command in a project with a `bun.lock` file:
+
+```bash
+$ bun pm audit
+```
+
+Bun sends the list of installed packages and versions to NPM, and prints a report of any vulnerabilities that were found. Packages installed from registries other than the default registry are skipped.
+
+If no vulnerabilities are found, the command prints:
+
+```
+No vulnerabilities found
+```
+
+When vulnerabilities are detected, each affected package is listed along with the severity, a short description and a link to the advisory. At the end of the report Bun prints a summary and hints for updating:
+
+```
+3 vulnerabilities (1 high, 2 moderate)
+To update all dependencies to the latest compatible versions:
+  bun update
+To update all dependencies to the latest versions (including breaking changes):
+  bun update --latest
+```
+
+### `--json`
+
+Use the `--json` flag to print the raw JSON response from the registry instead of the formatted report:
+
+```bash
+$ bun pm audit --json
+```
+
+### Exit code
+
+`bun pm audit` will exit with code `0` if no vulnerabilities are found and `1` if the report lists any vulnerabilities. This will still happen even if `--json` is passed.

docs/nav.ts

@@ -207,6 +207,9 @@ export default {
       description:
         "Patch dependencies in your project to fix bugs or add features without vendoring the entire package.",
     }),
+    page("install/audit", "Audit dependencies", {
+      description: "Check installed packages for vulnerabilities.",
+    }),
     page("install/npmrc", ".npmrc support", {
       description: "Bun supports loading some configuration options from .npmrc",
     }),