bun.sh/docs/install/audit.md at 20baa2ca2c7c1b787caee2b18826ea1cb19b1f8a

mirror of https://github.com/oven-sh/bun synced 2026-02-13 20:39:05 +00:00

Files

Jarred Sumner a8e4489e10 Add docs for bun pm audit (#19885 )

Co-authored-by: Alistair Smith <hi@alistair.sh>
Co-authored-by: alii <25351731+alii@users.noreply.github.com>

2025-05-26 21:56:32 -07:00

1.2 KiB

Raw Blame History

bun pm audit checks your installed packages for known security vulnerabilities.

Run the command in a project with a bun.lock file:

$ bun pm audit

Bun sends the list of installed packages and versions to NPM, and prints a report of any vulnerabilities that were found. Packages installed from registries other than the default registry are skipped.

If no vulnerabilities are found, the command prints:

No vulnerabilities found

When vulnerabilities are detected, each affected package is listed along with the severity, a short description and a link to the advisory. At the end of the report Bun prints a summary and hints for updating:

3 vulnerabilities (1 high, 2 moderate)
To update all dependencies to the latest compatible versions:
  bun update
To update all dependencies to the latest versions (including breaking changes):
  bun update --latest

`--json`

Use the --json flag to print the raw JSON response from the registry instead of the formatted report:

$ bun pm audit --json

Exit code

bun pm audit will exit with code 0 if no vulnerabilities are found and 1 if the report lists any vulnerabilities. This will still happen even if --json is passed.

1.2 KiB Raw Blame History

--json

Exit code

1.2 KiB

Raw Blame History

`--json`