Artifactory now supports npm audit, allowing you to retrieve the vulnerabilities found in your npm projects' dependency tree.
Audit reports list the security vulnerabilities in a project's dependencies and help you fix them by providing npm commands and recommendations for further troubleshooting.
This functionality is enabled by default on npm virtual repositories that aggregate at least one remote repository that supports npm audit, for example a remote repository that points to https://registry.npmjs.org or to an Artifactory Smart Remote repository.
JFrog Xray users with an Artifactory Pro X / Enterprise / Enterprise+ license get an enhanced audit report that includes security vulnerabilities from Xray's database. When Xray is configured to work with Artifactory, an audit report can be generated from scratch even without connecting to any remote repository.
Users with Read Permission on the npm virtual repository can use the following npm commands:
| Command | Description |
|---|---|
| | Returns a vulnerability report based on the dependency tree sent by the npm client that is generated by |
| | Fetches the same report as |
| | Returns the registry signatures of uploaded packages so you can ensure the integrity of the downloaded packages. |
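As an added example (not Artifactory's or npm's own code), the script below reduces an `npm audit --json` report, the same report the audit commands above return, to the facts a CI gate needs: counts per severity, which fixes require a semver-major bump (which `npm audit fix` will not apply on its own), and which findings have no fix. The sample report is constructed in the npm 7+ auditReportVersion 2 shape; every package name, version range and the advisory URL in it are made up.

```python
import json

# Severity ordering used by npm audit (lowest to highest).
SEVERITIES = ["info", "low", "moderate", "high", "critical"]

# Constructed sample in the shape of `npm audit --json` (auditReportVersion 2,
# npm 7+). Package names, versions, ranges and the advisory URL are made up.
SAMPLE_REPORT = json.loads("""{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "left-pad-ish": {
      "name": "left-pad-ish", "severity": "high", "isDirect": false,
      "via": [{"title": "Constructed advisory", "url": "https://example.invalid/adv/1",
               "severity": "high", "range": "<2.0.0"}],
      "effects": ["my-cli-tool"], "range": "<2.0.0",
      "nodes": ["node_modules/left-pad-ish"], "fixAvailable": true
    },
    "my-cli-tool": {
      "name": "my-cli-tool", "severity": "high", "isDirect": true,
      "via": ["left-pad-ish"], "effects": [], "range": "1.0.0 - 1.3.2",
      "nodes": ["node_modules/my-cli-tool"],
      "fixAvailable": {"name": "my-cli-tool", "version": "2.0.0", "isSemVerMajor": true}
    }
  },
  "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0,
                                   "high": 2, "critical": 0, "total": 2}}
}""")


def summarize(report):
    """Reduce an audit report to what a CI gate needs to decide on."""
    counts = {s: 0 for s in SEVERITIES}
    needs_major = []   # fix exists but `npm audit fix` will not apply it without --force
    unfixable = []     # no fix available at all; needs manual triage
    root_causes = []   # packages that carry the advisory itself, not just depend on one
    for name, vuln in report.get("vulnerabilities", {}).items():
        counts[vuln["severity"]] = counts.get(vuln["severity"], 0) + 1
        fix = vuln.get("fixAvailable", False)
        if fix is False:
            unfixable.append(name)
        elif isinstance(fix, dict) and fix.get("isSemVerMajor"):
            needs_major.append(name)
        # `via` holds advisory objects for the vulnerable package itself and
        # plain strings for packages that are only affected through a dependency.
        if any(isinstance(v, dict) for v in vuln.get("via", [])):
            root_causes.append(name)
    return {"counts": counts, "needs_major": needs_major,
            "unfixable": unfixable, "root_causes": root_causes}


def fails_gate(report, threshold="high"):
    """True when any vulnerability is at or above the threshold severity."""
    floor = SEVERITIES.index(threshold)
    return any(count > 0 for sev, count in summarize(report)["counts"].items()
               if SEVERITIES.index(sev) >= floor)
```

Pipe the real report in with `npm audit --json | python gate.py` and fail the build on `fails_gate`; the `needs_major` list tells you which fixes need a reviewed upgrade rather than an automatic `npm audit fix`.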
To change the source of the npm audit reports, set the npm.default.audit.provider system property (default: https://registry.npmjs.org) to the URL of your desired audit provider.