mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-09 18:38:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
381411d2989b5d3479b94de7fc035bde2bfa98a8
bun.sh/docs/install/audit.md
Dylan Conway 5910504aeb bun pm audit -> bun audit (#19944)
2025-05-27 19:52:18 -07:00

38 lines
1.2 KiB
Markdown
Raw Blame History

`bun audit` checks your installed packages for known security vulnerabilities.
Run the command in a project with a `bun.lock` file:
```bash
$ bun audit
```
Bun sends the list of installed packages and versions to NPM, and prints a report of any vulnerabilities that were found. Packages installed from registries other than the default registry are skipped.
If no vulnerabilities are found, the command prints:
```
No vulnerabilities found
```
When vulnerabilities are detected, each affected package is listed along with the severity, a short description and a link to the advisory. At the end of the report Bun prints a summary and hints for updating:
```
3 vulnerabilities (1 high, 2 moderate)
To update all dependencies to the latest compatible versions:
bun update
To update all dependencies to the latest versions (including breaking changes):
bun update --latest
```
### `--json`
Use the `--json` flag to print the raw JSON response from the registry instead of the formatted report:
```bash
$ bun audit --json
```
### Exit code
`bun audit` will exit with code `0` if no vulnerabilities are found and `1` if the report lists any vulnerabilities. This will still happen even if `--json` is passed.
Reference in New Issue View Git Blame Copy Permalink