[BUG] npm audit fix return error code "0" even if the remediation is not able to successfully fix all vulnerabilities #3309

Closed
1 task done
MartyHav opened this issue May 26, 2021 · 0 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release

MartyHav commented May 26, 2021

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Running:
npm audit fix --audit-level=info --verbose
Remediation is not able to successfully fix all vulnerabilities.
Getting this final output:

86 vulnerabilities (81 moderate, 5 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
npm timing command:audit Completed in 10270ms
npm verb exit 0
npm timing npm Completed in 10473ms
npm info ok 

Expected Behavior

I would expect a non-zero error code, as the docs say:

If vulnerabilities were found the exit code will depend on the audit-level configuration setting.
https://docs.npmjs.com/cli/v7/commands/npm-audit#exit-code

Steps To Reproduce

  1. Find an npm project where vulnerabilities cannot be resolved
  2. Run 'npm audit fix'
  3. See error exit code of zero

Environment

  • OS: Node
  • Node: 16.2.0
  • npm: 7.13.0
@MartyHav MartyHav added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels May 26, 2021
@MartyHav MartyHav closed this as completed Jun 3, 2021
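Added example, not part of the original issue or of the npm project's code: a CI gate that does not rely on the exit code of `npm audit fix` and instead reads the report produced by `npm audit --json` afterwards. It assumes the npm 7 report layout with severity counts under `metadata.vulnerabilities`; the file name `gate.js` and the sample report are constructed.

```javascript
// Added example: CI gate over the JSON report of `npm audit --json` (npm 7 layout assumed).
// Usage (gate.js is an assumed file name):
//   npm audit fix; npm audit --json | node gate.js info
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Count findings at or above `level` from report.metadata.vulnerabilities.
function remainingAtOrAbove(report, level) {
  const start = SEVERITIES.indexOf(level);
  if (start === -1) throw new Error(`unknown audit level: ${level}`);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts) throw new Error('report has no metadata.vulnerabilities');
  return SEVERITIES.slice(start)
    .reduce((sum, sev) => sum + (Number(counts[sev]) || 0), 0);
}

// Exit code for the pipeline: 0 = clean at this level, 1 = findings remain,
// 2 = report or level unusable (fail closed rather than pass on bad input).
function gateExitCode(jsonText, level) {
  try {
    return remainingAtOrAbove(JSON.parse(jsonText), level) > 0 ? 1 : 0;
  } catch (err) {
    return 2;
  }
}

// Constructed sample matching the counts in the issue output (81 moderate, 5 high).
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  metadata: {
    vulnerabilities: { info: 0, low: 0, moderate: 81, high: 5, critical: 0, total: 86 },
  },
});

// Only read stdin when an audit level is passed on the command line.
if (process.argv[2]) {
  let input = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { input += chunk; });
  process.stdin.on('end', () => {
    const code = gateExitCode(input, process.argv[2]);
    console.error(`audit gate (${process.argv[2]}): exit ${code}`);
    process.exitCode = code;
  });
}
```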