NPM Global Audit
A utility to simplify (and make possible) an audit, i.e. npm audit
, of globally installed node modules.
Usage
npx npm-global-audit
# or, if you prefer to use npm instead of yarn to perform the actual audit
npx npm-global-audit --auditor npm
How it works
npm-global-audit
will determine your globally installed node modules using npm
built in tools (npm ls -g --depth=0
) and will then construct a minimal package.json file in your system temp directories, then use this "local" package.json as the package definition against which an audit can be performed. The audit will be performed against a package.json composed of the exact versions of node modules installed globally at the time of execution, i.e. it does not calculate any semver ranges.
Notes
- By default the actual audit is performed by
yarn
(which will be executed vianpx
in the event that you do not haveyarn
installed) as the output is more human-readable. You can usenpm
instead if you prefer by passing the-a
/--auditor
option. - Your node modules need to be installed locally so that a lockfile can be generated which is needed to perform the audit (this is not strictly true when the auditor is yarn, but to keep the logic of this utility simple, it performs the install anyway). To ensure that your system temp dirs won't bloat up with ephemeral
node_module
installs the script will remove the installed "local" packages when the audit is complete, but will not remove the generatedpackage.json
or any relevant lockfiles. - The audit only supports
npm
globally installed node modules. This may be expanded to include other package managers in the future.