deno audit

The deno audit command checks your project's dependencies for known security vulnerabilities. It reads your lock file and reports any advisories found in vulnerability databases.

Examples Jump to heading

Audit all dependencies:

deno audit

Show only high and critical severity vulnerabilities:

deno audit --level=high

Check against the socket.dev vulnerability database:

deno audit --socket

Ignore specific CVEs (useful for suppressing false positives or accepted risks):

deno audit --ignore=CVE-2024-12345,CVE-2024-67890

Ignore advisories that have no available fix:

deno audit --ignore-unfixable

Don't error if the audit data can't be retrieved from the registry:

deno audit --ignore-registry-errors

Command line usage:

deno audit [OPTIONS]

Audit currently installed dependencies.

deno audit

Show only high and critical severity vulnerabilities

deno audit --level=high

Check against socket.dev vulnerability database

deno audit --socket

Don't error if the audit data can't be retrieved from the registry

deno audit --ignore-registry-errors

Dependency management options Jump to heading

--frozen<BOOLEAN>optional

Error out if lockfile is out of date.

--lock<FILE>optional

Check the specified lock file. (If value is not provided, defaults to "./deno.lock").

--no-lock

Disable auto discovery of the lock file.

Options Jump to heading

--ignore<CVE>

Ignore advisories matching the given CVE IDs.

--ignore-registry-errors

Return exit code 0 if remote service(s) responds with an error.

--ignore-unfixable

Ignore advisories that don't have any actions to resolve them.

--level<level>

Only show advisories with severity greater or equal to the one specified.

--socket

Check against socket.dev vulnerability database.

Examples Jump to heading#

Dependency management options Jump to heading#

Options Jump to heading#

Did you find what you needed?

Examples Jump to heading

Dependency management options Jump to heading

Options Jump to heading