├── .npmrc ├── .nycrc ├── .github ├── workflows │ ├── node-pretest.yml │ ├── rebase.yml │ ├── require-allow-edits.yml │ └── node.yml └── FUNDING.yml ├── .eslintrc ├── LICENSE ├── test └── index.js ├── .gitignore ├── package.json ├── README.md ├── bin.mjs ├── getProjectTempDir.js └── CHANGELOG.md /.npmrc: -------------------------------------------------------------------------------- 1 | package-lock=false 2 | allow-same-version=true 3 | message=v%s 4 | audit-level=high 5 | -------------------------------------------------------------------------------- /.nycrc: -------------------------------------------------------------------------------- 1 | { 2 | "all": true, 3 | "check-coverage": false, 4 | "reporter": ["text-summary", "text", "html", "json"], 5 | "exclude": [ 6 | "coverage", 7 | "test" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /.github/workflows/node-pretest.yml: -------------------------------------------------------------------------------- 1 | name: 'Tests: pretest/posttest' 2 | 3 | on: [pull_request, push] 4 | 5 | jobs: 6 | tests: 7 | uses: ljharb/actions/.github/workflows/pretest.yml@main 8 | -------------------------------------------------------------------------------- /.github/workflows/rebase.yml: -------------------------------------------------------------------------------- 1 | name: Automatic Rebase 2 | 3 | on: [pull_request_target] 4 | 5 | jobs: 6 | _: 7 | uses: ljharb/actions/.github/workflows/rebase.yml@main 8 | secrets: 9 | token: ${{ secrets.GITHUB_TOKEN }} 10 | -------------------------------------------------------------------------------- /.github/workflows/require-allow-edits.yml: -------------------------------------------------------------------------------- 1 | name: Require “Allow Edits” 2 | 3 | on: [pull_request_target] 4 | 5 | jobs: 6 | _: 7 | name: "Require “Allow Edits”" 8 | 9 | runs-on: ubuntu-latest 10 | 11 | steps: 12 | - uses: ljharb/require-allow-edits@main 13 | -------------------------------------------------------------------------------- /.github/workflows/node.yml: -------------------------------------------------------------------------------- 1 | name: 'Tests: node.js' 2 | 3 | on: [pull_request, push] 4 | 5 | jobs: 6 | tests: 7 | uses: ljharb/actions/.github/workflows/node.yml@main 8 | with: 9 | range: '>= 22 || ^20.9 || ^18.12 || ^16.14' 10 | type: minors 11 | command: npm run tests-only 12 | -------------------------------------------------------------------------------- /.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "root": true, 3 | 4 | "extends": "@ljharb/eslint-config/node/16", 5 | 6 | "rules": { 7 | "array-bracket-newline": 0, 8 | "func-name-matching": 0, 9 | "func-style": 0, 10 | }, 11 | 12 | "overrides": [ 13 | { 14 | "files": "./getProjectTempDir.js", 15 | "rules": { 16 | "max-nested-callbacks": 0, 17 | "sort-keys": 0, 18 | }, 19 | }, 20 | ], 21 | } 22 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [ljharb] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: npm/aud 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 13 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Jordan Harband 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /test/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const path = require('path'); 4 | const { exec } = require('child_process'); 5 | 6 | const test = require('tape'); 7 | 8 | const cwd = process.cwd(); 9 | 10 | function hideWarnings(lines) { 11 | return lines.filter((x) => !(/^npm WARN|^\(node:\d+\) ExperimentalWarning/).test(x)); 12 | } 13 | 14 | const binPath = require('../package.json').bin; 15 | 16 | test('fix option', (t) => { 17 | t.plan(6); 18 | process.chdir(path.join(__dirname, '..')); 19 | exec(`${binPath} fix`, { encoding: 'utf-8' }, (error, stdout, stderr) => { 20 | process.chdir(cwd); 21 | 22 | t.ok(error, 'errors'); 23 | t.ok(error.message.startsWith('Command failed: '), 'expected error message'); 24 | t.equal(error.code, 1, 'error code is 1'); 25 | t.match( 26 | hideWarnings(String(error).split('\n'))[1], 27 | /^npm (?:ERR!|error) code (?:EAUDITNOLOCK|ENOLOCK|EUSAGE)$/, 28 | 'error message has EAUDITNOLOCK or ENOLOCK or EUSAGE', 29 | ); 30 | t.equal(stdout, '', 'no stdout output'); 31 | t.match( 32 | hideWarnings(stderr.split('\n'))[0], 33 | /^npm (?:ERR!|error) code (?:EAUDITNOLOCK|ENOLOCK|EUSAGE)$/, 34 | 'stderr starts with expected error code', 35 | ); 36 | }); 37 | }); 38 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (https://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # TypeScript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | # next.js build output 61 | .next 62 | 63 | # Only apps should have lockfiles 64 | npm-shrinkwrap.json 65 | package-lock.json 66 | yarn.lock 67 | 68 | .npmignore 69 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "aud", 3 | "version": "3.0.1", 4 | "description": "Use `npx aud` instead of `npm audit`, whether you have a lockfile or not!", 5 | "bin": "./bin.mjs", 6 | "exports": { 7 | "./package.json": "./package.json" 8 | }, 9 | "scripts": { 10 | "prepack": "npmignore --auto --commentLines=autogenerated", 11 | "prepublish": "not-in-publish || npm run prepublishOnly", 12 | "prepublishOnly": "safe-publish-latest", 13 | "pretest": "npm run lint", 14 | "lint": "eslint --ext=js,mjs .", 15 | "tests-only": "nyc tape 'test/**/*.js'", 16 | "test": "npm run tests-only", 17 | "posttest": "./bin.mjs --production", 18 | "version": "auto-changelog && git add CHANGELOG.md", 19 | "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\"" 20 | }, 21 | "repository": { 22 | "type": "git", 23 | "url": "git+https://github.com/ljharb/aud.git" 24 | }, 25 | "keywords": [ 26 | "audit", 27 | "lockfile", 28 | "shrinkwrap", 29 | "npm", 30 | "audit" 31 | ], 32 | "author": "Jordan Harband ", 33 | "funding": { 34 | "url": "https://github.com/sponsors/ljharb" 35 | }, 36 | "license": "MIT", 37 | "bugs": { 38 | "url": "https://github.com/ljharb/aud/issues" 39 | }, 40 | "homepage": "https://github.com/ljharb/aud#readme", 41 | "dependencies": { 42 | "colors": "=1.4.0", 43 | "find-package-json": "^1.2.0", 44 | "libnpx": "^10.2.4", 45 | "node-cleanup": "^2.1.2", 46 | "npm-lockfile": "^4.0.0", 47 | "semver": "^7.6.3", 48 | "tmp": "^0.2.3" 49 | }, 50 | "devDependencies": { 51 | "@ljharb/eslint-config": "^21.1.1", 52 | "auto-changelog": "^2.4.0", 53 | "eslint": "=8.8.0", 54 | "npmignore": "^0.3.1", 55 | "nyc": "^15.1.0", 56 | "safe-publish-latest": "^2.0.0", 57 | "tape": "^5.8.1" 58 | }, 59 | "engines": { 60 | "node": ">= 22 || ^20.9 || ^18.12 || ^16.14", 61 | "npm": ">= 8.5.0" 62 | }, 63 | "auto-changelog": { 64 | "output": "CHANGELOG.md", 65 | "template": "keepachangelog", 66 | "unreleased": false, 67 | "commitLimit": false, 68 | "backfillLimit": false, 69 | "hideCredit": true 70 | }, 71 | "publishConfig": { 72 | "ignore": [ 73 | ".github/workflows" 74 | ] 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ***END OF LIFE*** 2 | 3 | Thanks to the wonderful folks at npm, in npm v10.2+, after [6 years](https://twitter.com/adam_baldwin/status/994314354530045952), `npm audit` [no longer requires a lockfile](https://github.com/npm/cli/pull/6732)! 4 | 5 | Therefore, you should no longer use `aud`. Instead, use `npx npm@'>=10.2' audit --production`. 6 | 7 | -------- 8 | 9 | # aud [![Version Badge][npm-version-svg]][npm-url] 10 | 11 | [![License][license-image]][license-url] 12 | [![Downloads][downloads-image]][downloads-url] 13 | 14 | [![npm badge][npm-badge-png]][npm-url] 15 | 16 | Use `npx aud` instead of `npm audit`, whether you have a lockfile or not! 17 | 18 | It's a great idea to run `npm audit` in CI; it ensures that you don't unknowingly have vulnerabilities in your dep graph. 19 | 20 | Unfortunately, it doesn't work without a lockfile :crying_cat_face: and [only apps should have lockfiles](https://github.com/sindresorhus/ama/issues/479#issuecomment-310661514). It also requires `npm` `v6` or above. 21 | 22 | Now, instead of `npm audit`, you can run `npx aud`! If your repo has a lockfile, it will just run `npm audit`; if it does not, it will use [`npm-lockfile`](https://www.npmjs.com/package/npm-lockfile) to copy your `package.json` and your currently configured audit level (`npm config get audit-level`) to a temp dir that has the proper version of npm installed, it will use `npm install --package-lock-only` to create a temporary lockfile, and it will run `npm audit` there. On exit, all the temp dirs will get cleaned up. 23 | 24 | `aud fix` without a lockfile present will throw `npm audit`'s normal "no lockfile" error, since there's no way to preserve fixes to transitive dependencies. 25 | 26 | [npm-url]: https://npmjs.org/package/aud 27 | [npm-version-svg]: https://versionbadg.es/ljharb/aud.svg 28 | [deps-svg]: https://david-dm.org/ljharb/aud.svg?theme=shields.io 29 | [deps-url]: https://david-dm.org/ljharb/aud 30 | [dev-deps-svg]: https://david-dm.org/ljharb/aud/dev-status.svg?theme=shields.io 31 | [dev-deps-url]: https://david-dm.org/ljharb/aud#info=devDependencies 32 | [npm-badge-png]: https://nodei.co/npm/aud.png?downloads=true&stars=true 33 | [license-image]: https://img.shields.io/npm/l/aud.svg 34 | [license-url]: LICENSE 35 | [downloads-image]: https://img.shields.io/npm/dm/aud.svg 36 | [downloads-url]: https://npm-stat.com/charts.html?package=aud 37 | -------------------------------------------------------------------------------- /bin.mjs: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | import npx from 'libnpx'; 4 | import getLockfile from 'npm-lockfile/getLockfile'; 5 | import finder from 'find-package-json'; 6 | import semver from 'semver'; 7 | import colors from 'colors/safe.js'; 8 | 9 | import path from 'path'; 10 | import { existsSync } from 'fs'; 11 | import { copyFile, writeFile } from 'fs/promises'; 12 | import { execSync } from 'child_process'; 13 | 14 | import getProjectTempDir from './getProjectTempDir.js'; 15 | 16 | const { filename: pkg } = finder(process.cwd()).next(); 17 | const pkgDir = path.dirname(pkg); 18 | 19 | const encoding = { encoding: 'utf-8' }; 20 | 21 | const root = execSync('npm root -g', encoding); 22 | 23 | const NPM_PATH = path.join(root, 'npm', 'bin', 'npm-cli.js'); 24 | 25 | const argv = process.argv.slice(0, 2).concat('npm', 'audit', process.argv.slice(2)); 26 | const parsed = npx.parseArgs(argv, NPM_PATH); 27 | const npmNeeded = '>=6'; 28 | const p = [`npm@${npmNeeded}`]; 29 | Object.assign(parsed, { 30 | p, 31 | package: p, 32 | packageRequested: false, 33 | }); 34 | 35 | const hasPkgLock = existsSync(path.join(pkgDir, 'package-lock.json')); 36 | const hasShrink = !hasPkgLock && existsSync(path.join(pkgDir, 'npm-shrinkwrap.json')); 37 | const isFix = parsed.cmdOpts.indexOf('fix') > -1; 38 | 39 | const npmV = execSync('npm --version', encoding).trim(); 40 | const npmIsGood = semver.satisfies(npmV, npmNeeded); 41 | 42 | if (npmIsGood && (hasPkgLock || hasShrink || isFix)) { 43 | npx(parsed); 44 | } else { 45 | if (!npmIsGood) { 46 | console.log(colors.blue(`npm is v${npmV}; we need ${npmNeeded}; installing npm in a temp dir...`)); 47 | } 48 | Promise.all([ 49 | getLockfile(pkg), 50 | getProjectTempDir({ npmNeeded }), 51 | ]).then(async ([lockfile, tmpDir]) => { 52 | const lockfilePath = path.join(tmpDir, 'package-lock.json'); 53 | const writtenLockfile = writeFile(lockfilePath, lockfile, encoding); 54 | const writtenPkg = copyFile(pkg, path.join(tmpDir, 'package.json')); 55 | const auditLevel = execSync(`npm config get audit-level --no-workspaces --prefix="${process.cwd()}"`, encoding).trim(); 56 | const writtenRC = auditLevel && auditLevel !== 'undefined' ? writeFile(path.join(tmpDir, '.npmrc'), `audit-level=${auditLevel}`, encoding) : null; 57 | await Promise.all([writtenLockfile, writtenPkg, writtenRC]); 58 | return tmpDir; 59 | }).then((tmpDir) => { 60 | process.chdir(tmpDir); 61 | process.env.PATH = `${path.join(tmpDir, '../node_modules/.bin')}:${process.env.PATH}`; 62 | npx(parsed); 63 | }).catch((error) => { 64 | console.error(error); 65 | process.exit(error.code || 1); 66 | }); 67 | } 68 | -------------------------------------------------------------------------------- /getProjectTempDir.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const tmp = require('tmp'); 4 | const nodeCleanup = require('node-cleanup'); 5 | const semver = require('semver'); 6 | const colors = require('colors/safe'); 7 | 8 | const path = require('path'); 9 | const { exec, execSync } = require('child_process'); 10 | const { rmSync } = require('fs'); 11 | const { writeFile } = require('fs').promises; 12 | 13 | const cleanupHandlers = []; 14 | const finalCleanup = function finalCleanup() { 15 | for (let i = 0; i < cleanupHandlers.length; ++i) { 16 | cleanupHandlers[i](); 17 | } 18 | }; 19 | 20 | let rootTempDir; 21 | const getRootTempDir = function getRootTempDir(npmNeeded, logger = () => {}) { 22 | if (!rootTempDir) { 23 | logger(colors.blue('Creating root temp directory, to hold temporary lockfiles...')); 24 | rootTempDir = new Promise((resolve, reject) => { 25 | tmp.dir((err, tmpDir, cleanup) => { 26 | if (err) { 27 | reject(err); 28 | } else { 29 | resolve(tmpDir); 30 | cleanupHandlers.push(cleanup); 31 | nodeCleanup(finalCleanup); 32 | } 33 | }); 34 | }).then((tmpDir) => { 35 | const npmV = execSync('npm --version', { encoding: 'utf-8', cwd: tmpDir }).trim(); 36 | logger(`${colors.blue('Checking npm version:')} \`npm --version\` -> v${npmV}`); 37 | if (!semver.satisfies(npmV, npmNeeded)) { 38 | const pkgContents = { 39 | private: true, 40 | name: 'npm-jail', 41 | dependencies: { 42 | npm: npmNeeded, 43 | }, 44 | }; 45 | return writeFile( 46 | path.join(tmpDir, 'package.json'), 47 | JSON.stringify(pkgContents), 48 | ).then(() => new Promise((resolve, reject) => { 49 | cleanupHandlers.unshift(() => { 50 | rmSync(path.join(tmpDir, '*'), { recursive: true, force: true }); 51 | }); 52 | exec('npm install --no-package-lock --silent >/dev/null', { cwd: tmpDir }, (err) => { 53 | if (err) { 54 | reject(err); 55 | } else { 56 | resolve(tmpDir); 57 | } 58 | }); 59 | })); 60 | } 61 | return tmpDir; 62 | }); 63 | } 64 | return rootTempDir; 65 | }; 66 | 67 | module.exports = function getProjectTempDir({ npmNeeded = '^6.9.0-0', logger = undefined } = {}) { 68 | return getRootTempDir(npmNeeded, logger).then((rootDir) => { 69 | const projectDir = path.join(rootDir, 'XXXXXX'); 70 | return new Promise((resolve, reject) => { 71 | tmp.dir({ template: projectDir }, (err, tmpDir, cleanup) => { 72 | if (err) { 73 | reject(err); 74 | } else { 75 | resolve(tmpDir); 76 | cleanupHandlers.unshift(cleanup); 77 | } 78 | }); 79 | }); 80 | }); 81 | }; 82 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) 6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 7 | 8 | ## [v3.0.1](https://github.com/ljharb/aud/compare/v3.0.0...v3.0.1) - 2024-07-31 9 | 10 | ### Commits 11 | 12 | - EOL [`6236062`](https://github.com/ljharb/aud/commit/6236062a0f9e5a41d0714ee39d6037736417c822) 13 | 14 | ## [v3.0.0](https://github.com/ljharb/aud/compare/v2.0.5...v3.0.0) - 2024-07-30 15 | 16 | ### Commits 17 | 18 | - [Refactor] move entrypoint to ESM [`84af24d`](https://github.com/ljharb/aud/commit/84af24d10c9bc6528ebe15072c91eaa1b6fbd9a0) 19 | - [Breaking] update `npm-lockfile`; drop node < 16.14 [`72c2567`](https://github.com/ljharb/aud/commit/72c2567cee20879a7cf257a611c18e896536870c) 20 | - [Refactor] replace `rimraf` with `fs.rmSync` recursive [`7ba7bec`](https://github.com/ljharb/aud/commit/7ba7bec8ac63e15aa81a97215b5abbf80fd063d0) 21 | - [Deps] update `tmp` [`517cfa1`](https://github.com/ljharb/aud/commit/517cfa1da938fd08dbf973c875c77c4cf1934c6f) 22 | - [Deps] update `rimraf` [`8030e3f`](https://github.com/ljharb/aud/commit/8030e3f2ab9d80f44a8b5e8f3196cd7efb6da15c) 23 | 24 | ## [v2.0.5](https://github.com/ljharb/aud/compare/v2.0.4...v2.0.5) - 2024-07-30 25 | 26 | ### Commits 27 | 28 | - [Dev Deps] update `@ljharb/eslint-config`, `tape` [`f1fd495`](https://github.com/ljharb/aud/commit/f1fd495bf0dc913f7461a8878e9af10fd626cf18) 29 | - [Tests] npm v10.6.0 changed its error prefix from `ERR!` to `error` [`af8b7f9`](https://github.com/ljharb/aud/commit/af8b7f98b28cf0b2eeb1213b03de5ee44e027390) 30 | - [Deps] update `semver`, `tmp` [`85db575`](https://github.com/ljharb/aud/commit/85db5759802dd54efc817567c377498e087a1b04) 31 | - [Fix] pin `tmp` to v0.2.1 due to a breaking change [`27c5052`](https://github.com/ljharb/aud/commit/27c505274534af3e931f612d7251196801a609ef) 32 | - [Deps] update `semver` [`dfd6ea9`](https://github.com/ljharb/aud/commit/dfd6ea9a4eb9fcf52062810dd832b5c060dd9860) 33 | - [Dev Deps] update `tape` [`9549943`](https://github.com/ljharb/aud/commit/9549943176525581d13dd892e4f65e1581edac99) 34 | 35 | ## [v2.0.4](https://github.com/ljharb/aud/compare/v2.0.3...v2.0.4) - 2023-12-08 36 | 37 | ### Commits 38 | 39 | - [actions] use shared rebase action [`5acc88d`](https://github.com/ljharb/aud/commit/5acc88dbf1f3fd2a9fd809beef9cd5dd20d014d2) 40 | - [Tests] npm 9+ throws EUSAGE for a non-lockfile npm audit, now [`b38d220`](https://github.com/ljharb/aud/commit/b38d22060596b92b69dac3e666f82e809bab0541) 41 | - [Dev Deps] update `npmignore`, `tape` [`dcbce75`](https://github.com/ljharb/aud/commit/dcbce7589c16235cde5f5412273ae4d04cfbe9e2) 42 | - [Fix] ensure `aud` works properly in workspaces [`4625b24`](https://github.com/ljharb/aud/commit/4625b240cc08470c0d5dc4a8366a56ddc43b8984) 43 | - [Deps] update `semver` [`e9c988c`](https://github.com/ljharb/aud/commit/e9c988c1dcdb8d4d19c8b12d08b9302e7e2e48be) 44 | - [Deps] update `semver` [`3d60b22`](https://github.com/ljharb/aud/commit/3d60b2207d4e6ce3ceb9966661aa4a02cdecbd8e) 45 | 46 | ## [v2.0.3](https://github.com/ljharb/aud/compare/v2.0.2...v2.0.3) - 2023-06-20 47 | 48 | ### Commits 49 | 50 | - [Deps] update `npm-lockfile`, `semver` [`0d66c3f`](https://github.com/ljharb/aud/commit/0d66c3f9f394bb7b0927ef7c14fddb95e91ab09f) 51 | - [Dev Deps] update `@ljharb/eslint-config`, `tape` [`bc34f8c`](https://github.com/ljharb/aud/commit/bc34f8cfe5479a131cdb06d4458c73c1cc764b64) 52 | 53 | ## [v2.0.2](https://github.com/ljharb/aud/compare/v2.0.1...v2.0.2) - 2022-12-19 54 | 55 | ### Commits 56 | 57 | - [meta] use `npmignore` to autogenerate an npmignore file [`dcf2617`](https://github.com/ljharb/aud/commit/dcf26179fe49403db2cfd0e84416c4a91f8dc288) 58 | - [Deps] unpin `pacote`, update `semver` [`daecac4`](https://github.com/ljharb/aud/commit/daecac47eb0da1e5c710af16708a166a980fd4f6) 59 | - [actions] update checkout action [`3c87a31`](https://github.com/ljharb/aud/commit/3c87a31e3333a83be06d0f2eb75e152a7e4d0c13) 60 | 61 | ## [v2.0.1](https://github.com/ljharb/aud/compare/v2.0.0...v2.0.1) - 2022-09-20 62 | 63 | ### Commits 64 | 65 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `auto-changelog`, `tape` [`7915f18`](https://github.com/ljharb/aud/commit/7915f182ec47aef1b53227be5fa2195709d0eb94) 66 | - [Deps] update `npm-lockfile`, `semver` [`8c9f7e0`](https://github.com/ljharb/aud/commit/8c9f7e07d50ac3f8c8aa0e3b3f81088c277348ae) 67 | - [Dev Deps] update `@ljharb/eslint-config`, `tape` [`65adcb9`](https://github.com/ljharb/aud/commit/65adcb9c3276a2a3699bca2f4392040dc441fb20) 68 | - [Deps] update `npm-lockfile` [`bc32409`](https://github.com/ljharb/aud/commit/bc3240994ae1d4d2b2c23b80b983f12e47d68ccf) 69 | - [meta] directly invoke the bin in `posttest` [`b40a155`](https://github.com/ljharb/aud/commit/b40a155514dec4ae88582de8144fee051025cbbf) 70 | - [Deps] update `npm-lockfile` [`97f7ca4`](https://github.com/ljharb/aud/commit/97f7ca4993d348e3e0f068d9e2c69d9df7b8d7ce) 71 | - [Deps] pin `pacote` due to a breaking change in v13.6.1+ [`00f6bc8`](https://github.com/ljharb/aud/commit/00f6bc8d9d3c4fb8acb2719d2d749f56cce896fe) 72 | - [Deps] add missing `rimraf` dep [`0f582e4`](https://github.com/ljharb/aud/commit/0f582e41e4f74682caadc047189ed9700aef6e85) 73 | 74 | ## [v2.0.0](https://github.com/ljharb/aud/compare/v1.1.5...v2.0.0) - 2022-01-11 75 | 76 | ### Commits 77 | 78 | - [actions] reuse common workflows [`37e4cf1`](https://github.com/ljharb/aud/commit/37e4cf1c324bc00838a4ad5ae815ba2ec983ffd6) 79 | - [Refactor] copy `getProjectTempDir` from `npm-lockfile` v2, since v3 removes it [`60e4f8b`](https://github.com/ljharb/aud/commit/60e4f8b0fbb7a85f64666ad2f79887181c14a781) 80 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `auto-changelog`, `safe-publish-latest`, `tape` [`6112fa0`](https://github.com/ljharb/aud/commit/6112fa0118cdc086881362311bd11ecddd907a00) 81 | - [Breaking] update to `npm-lockfile` v3 [`b52962b`](https://github.com/ljharb/aud/commit/b52962b44a5d679f25cd7d02fba7be844787067a) 82 | - [Tests] add `nyc` [`4d6cf90`](https://github.com/ljharb/aud/commit/4d6cf90f330c900f45f5210c345bd520619c3262) 83 | - [Tests] filter out npm warnings, redux [`5a63833`](https://github.com/ljharb/aud/commit/5a63833260db725e4dcd0537e174c7ed2dfac013) 84 | - [Refactor] use `colors` instead of `chalk` [`324a287`](https://github.com/ljharb/aud/commit/324a2872c6886abcf2da38442d8a6cae9ac0c78c) 85 | - [Refactor] use `fs.promises` instead of `util.promisify`; use built-in `copyFile` [`1e8d387`](https://github.com/ljharb/aud/commit/1e8d387875fbbd021b1fc09740d51505928f7fab) 86 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`d78214e`](https://github.com/ljharb/aud/commit/d78214e3bb74c674b55cef8a24de52fe0dc9f110) 87 | - [actions] update workflows [`b748956`](https://github.com/ljharb/aud/commit/b7489563d6e965b971d490c28f0620b52c7d6113) 88 | - [Tests] filter out npm warnings [`2627cfa`](https://github.com/ljharb/aud/commit/2627cfa33a7c6f80dc2e3fbc10d889e3a818ec8c) 89 | - [Deps] update `semver`, `tmp` [`f18f1ed`](https://github.com/ljharb/aud/commit/f18f1ed9965f0691201a92bc5eebf38bc92ede05) 90 | - [Breaking] add "exports" [`0c41fdd`](https://github.com/ljharb/aud/commit/0c41fddb9a7475b7582ecae6170713659484b6a9) 91 | - [Deps] update `npm-lockfile` [`cb70cd9`](https://github.com/ljharb/aud/commit/cb70cd99148b634ddb9ee497d7d5fab2d01c8ee5) 92 | - [Fix] pin `colors` [`ad0bde5`](https://github.com/ljharb/aud/commit/ad0bde55bcd6edee992f536fc504848000155f8f) 93 | - [Deps] update `npm-lockfile` [`ac56080`](https://github.com/ljharb/aud/commit/ac56080cd34b3d6252a48fd57704179b44e0ef3a) 94 | - [meta] broaden engines support to >= 10 [`211e00e`](https://github.com/ljharb/aud/commit/211e00ea72a4d5bd5e1d319a19ad7cda510a9f2c) 95 | - [meta] add `audit-level` [`56ca7ad`](https://github.com/ljharb/aud/commit/56ca7ad763aeba547cfbe47465560210e12b84ef) 96 | 97 | ## [v1.1.5](https://github.com/ljharb/aud/compare/v1.1.4...v1.1.5) - 2021-05-01 98 | 99 | ### Commits 100 | 101 | - [actions] use `node/install` instead of `node/run`; use `codecov` action [`b6cdffc`](https://github.com/ljharb/aud/commit/b6cdffc62ef496c3d05ca4984f97ddfcaa1b5755) 102 | - [readme] fix URLs [`84074e7`](https://github.com/ljharb/aud/commit/84074e7b1409e2576ea342ff6954fde785e54449) 103 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`37c3a3b`](https://github.com/ljharb/aud/commit/37c3a3b13580bd579a27770adbd14a35363ec9e6) 104 | - [Tests] fix error code checks due to npm 7 [`a7c7705`](https://github.com/ljharb/aud/commit/a7c770553914ff14fa44adc828f5248cd8b3f08f) 105 | - [meta] use `prepublishOnly` script for npm 7+ [`37d2fc7`](https://github.com/ljharb/aud/commit/37d2fc7ed2b825556d72be887962e4d01af7eadf) 106 | - [Dev Deps] update `eslint` [`f278729`](https://github.com/ljharb/aud/commit/f278729830a090f01402a5922df988be58480bcc) 107 | - [meta] add node 16 to `engines.node` [`2703898`](https://github.com/ljharb/aud/commit/270389850ff78b2661348a6a1dc79a75b13e1f08) 108 | 109 | ## [v1.1.4](https://github.com/ljharb/aud/compare/v1.1.3...v1.1.4) - 2021-02-09 110 | 111 | ### Commits 112 | 113 | - [meta] do not publish github action workflow files [`2a7b3f1`](https://github.com/ljharb/aud/commit/2a7b3f1e4fd9a917a777bfcbde4e1a204a9e040c) 114 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`41b90ae`](https://github.com/ljharb/aud/commit/41b90aedad42ed68ace6dcab73e8a2592087b6bb) 115 | - [Deps] update `util.promisify` [`fe9cd7f`](https://github.com/ljharb/aud/commit/fe9cd7f08e3b31841fa85d6650aa672c5ceadc46) 116 | - [Fix] allow npm 7+ [`41cec78`](https://github.com/ljharb/aud/commit/41cec786325e112983e4b696c7779fd6a56a1996) 117 | 118 | ## [v1.1.3](https://github.com/ljharb/aud/compare/v1.1.2...v1.1.3) - 2020-11-05 119 | 120 | ### Commits 121 | 122 | - [Tests] migrate tests to Github Actions [`4867d5d`](https://github.com/ljharb/aud/commit/4867d5d0f7335b75bc2ca597e27a394c3f17a972) 123 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `auto-changelog` [`e7b3103`](https://github.com/ljharb/aud/commit/e7b31037436e53885d9c952bb6eea0f08421a98d) 124 | - [actions] add "Allow Edits" workflow [`56e9a2e`](https://github.com/ljharb/aud/commit/56e9a2ee2fdf58e2bfe09bb4194960e033daaad9) 125 | - [Deps] update `libnpx`, `npm-lockfile` [`bc18eb2`](https://github.com/ljharb/aud/commit/bc18eb23d284ed77754b9413f0c8f673ffbe797a) 126 | - [meta] update `rebase` workflow to checkout v2 [`50049a4`](https://github.com/ljharb/aud/commit/50049a442c6f228d2fd1eec133e7ca030cfeb0a1) 127 | - [Dev Deps] update `eslint` [`ce73086`](https://github.com/ljharb/aud/commit/ce73086183aa4582ebf5236cb33a07e676289217) 128 | - [actions] switch Automatic Rebase workflow to `pull_request_target` event [`657e3c2`](https://github.com/ljharb/aud/commit/657e3c29d4cbbca53d2d9abaaf4e4f9e4635fea8) 129 | - [meta] add node 15 to "engines" [`2d5bfad`](https://github.com/ljharb/aud/commit/2d5bfad68b65091c7a7adbc17f3f13d1c6706707) 130 | 131 | ## [v1.1.2](https://github.com/ljharb/aud/compare/v1.1.1...v1.1.2) - 2020-05-15 132 | 133 | ### Commits 134 | 135 | - [Deps] add missing `util.promisify` [`e526029`](https://github.com/ljharb/aud/commit/e526029e75174937e26dcff38a22f0c3dbed5c2e) 136 | 137 | ## [v1.1.1](https://github.com/ljharb/aud/compare/v1.1.0...v1.1.1) - 2020-04-21 138 | 139 | ### Commits 140 | 141 | - [meta] add `^14` to `engines.node` [`4ef2e95`](https://github.com/ljharb/aud/commit/4ef2e9592b934e13e3bc418c9f0fe3021a60904a) 142 | - [Dev Deps] update `auto-changelog` [`e042f47`](https://github.com/ljharb/aud/commit/e042f4764c844677b6b0eff1d3fa51076678adf9) 143 | - [Dev Deps] update `auto-changelog` [`5d8dbc7`](https://github.com/ljharb/aud/commit/5d8dbc7e17c086e3ec137fd954c60bdc093a8f77) 144 | - [meta] ignore chalk; v3 requires node 8, v4 node 10; aud supports node 6 [`0ee46e2`](https://github.com/ljharb/aud/commit/0ee46e27d30f6f99690b6350dbcd8d028fe1eb85) 145 | 146 | ## [v1.1.0](https://github.com/ljharb/aud/compare/v1.0.0...v1.1.0) - 2020-03-28 147 | 148 | ### Commits 149 | 150 | - [Tests] use shared travis-ci configs [`b1d1358`](https://github.com/ljharb/aud/commit/b1d135821b4ae3ada02e222201b495a2f843402c) 151 | - [meta] add `auto-changelog` [`d4fad8e`](https://github.com/ljharb/aud/commit/d4fad8e69a99f7d33b9e3e93dcc75619ee9d6dcd) 152 | - [meta] add `funding` field [`a0f78c7`](https://github.com/ljharb/aud/commit/a0f78c718a4fe9f941b18ceb025923bf32a34117) 153 | - [actions] add automatic rebasing / merge commit blocking [`43d9614`](https://github.com/ljharb/aud/commit/43d9614f3fb89ee4b2bb2db9216a302fd8591e94) 154 | - [meta] create FUNDING.yml [`8382d05`](https://github.com/ljharb/aud/commit/8382d05a5e979872676052e01dd395f8501dd64c) 155 | - [Dev Deps] update `@ljharb/eslint-config`, `tape`; add `safe-publish-latest`; add `npx aud` to posttest [`5264b9f`](https://github.com/ljharb/aud/commit/5264b9f1e34f23077e2381238195c712a8c44446) 156 | - [Deps] update `npm-lockfile`, `semver` [`79be62b`](https://github.com/ljharb/aud/commit/79be62b4a1e1ee90753b60874e385cd9dd62b89d) 157 | - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`78bc852`](https://github.com/ljharb/aud/commit/78bc8529950c1095430d5d4a2f1a2e50720148c1) 158 | - [Dev Deps] update `auto-changelog`, `tape` [`41bfcd0`](https://github.com/ljharb/aud/commit/41bfcd058be246fa2e9130e3b92c92af42be6ba7) 159 | - [Tests] only audit prod deps [`47d2b0f`](https://github.com/ljharb/aud/commit/47d2b0f7a8e02b0a018affd6befe53d6cdc37eb4) 160 | - [Deps] update `libnpx` [`b4ed164`](https://github.com/ljharb/aud/commit/b4ed1642a0f2569b494fe2281a9aea4bc5307bd2) 161 | - [minor] add explicit support for newer node versions [`d735ae9`](https://github.com/ljharb/aud/commit/d735ae99a06ff0579eee0e7b8528d051525193fb) 162 | - [Deps] update `libnpx` [`b0689f5`](https://github.com/ljharb/aud/commit/b0689f5ed6af4fee99b8778ae94c42863ab15b2b) 163 | - [Deps] update `libnpx` [`75d85bf`](https://github.com/ljharb/aud/commit/75d85bf42dfd30bfc53aebcb72dd1feeaa18cedd) 164 | 165 | ## v1.0.0 - 2019-02-22 166 | 167 | ### Commits 168 | 169 | - [Tests] initial tests [`2e4cb27`](https://github.com/ljharb/aud/commit/2e4cb27958e6fccf66d42ef86d1b8061bae9e04a) 170 | - Initial commit [`851346f`](https://github.com/ljharb/aud/commit/851346fccda75bf59c9423370f04c1536f56773e) 171 | - initial binary [`9bdc003`](https://github.com/ljharb/aud/commit/9bdc003b161631a572befda65b14ca60beceaacc) 172 | - [Tests] add `npm run lint` [`18083f6`](https://github.com/ljharb/aud/commit/18083f606e521c446727aee18adbc9bf91a03ffb) 173 | - Drop support for node 7 and 9 [`005484a`](https://github.com/ljharb/aud/commit/005484a36f718c0cb58763b68348b01224641488) 174 | - readme [`a279d19`](https://github.com/ljharb/aud/commit/a279d19727f22aa2b553637759e30841c4c06e4a) 175 | - package.json [`da03188`](https://github.com/ljharb/aud/commit/da03188506eeda32a9796c2b10de5068786a4ddf) 176 | - [Fix] when local npm is not new enough, always go to a temp dir [`74e1e60`](https://github.com/ljharb/aud/commit/74e1e60eb0ed18ad8993718d095401cd939fcdbb) 177 | - Only apps should have lockfiles [`a519aa1`](https://github.com/ljharb/aud/commit/a519aa1725bf5deb752eb582d23a8479be830f32) 178 | - [Fix] handle nonexistent audit level [`4929e1a`](https://github.com/ljharb/aud/commit/4929e1a8e16b336dff05b1edd19f33e3d46315a6) 179 | - [Fix] copyFile was added in node 8 [`4f28308`](https://github.com/ljharb/aud/commit/4f28308621a88da64e529da1e697e3728e286dd3) 180 | --------------------------------------------------------------------------------