We're currently using npm pretty much everywhere at my company. I'm exploring pnpm as an alternative.
I'm not sure what the equivalent of npm audit fix is in pnpm. Coming from npm I'm used to being able to update what's needed to remove known security issues. AFAIK there's no single command that accomplishes the same in pnpm.
The closest I got was to:
1. pnpm audit --fix to populate overrides,
2. pnpm install to persist changes in lockfile,
3. remove overrides,
4. pnpm install
That way the dependencies that were overridden stay there as long as they comply with all specified version ranges. Remaining audits need to be looked at again.
How do others handle that? Just live with the overrides?
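The four steps described in the post, as an added example that is not part of the original post or pnpm's own code. It assumes `pnpm audit --fix` writes its fixes to the `pnpm.overrides` field of package.json; `stripAuditOverrides` and `run` are hypothetical names, and the helper goes one step beyond the post by restoring overrides that existed before the audit instead of deleting all of them.

```javascript
// Added example, not part of the original post.
// Assumption: `pnpm audit --fix` records its fixes under "pnpm.overrides"
// in package.json.

// Pure helper: given package.json as parsed before and after
// `pnpm audit --fix`, return the manifest with the audit-added overrides
// removed and any overrides that existed beforehand restored unchanged.
function stripAuditOverrides(before, after) {
  const prior = (before.pnpm && before.pnpm.overrides) || {};
  const current = (after.pnpm && after.pnpm.overrides) || {};
  const removed = Object.keys(current)
    .filter((sel) => !Object.prototype.hasOwnProperty.call(prior, sel))
    .map((sel) => `${sel} -> ${current[sel]}`);
  const manifest = JSON.parse(JSON.stringify(after)); // deep copy
  if (Object.keys(prior).length > 0) {
    manifest.pnpm = { ...(manifest.pnpm || {}), overrides: { ...prior } };
  } else if (manifest.pnpm) {
    delete manifest.pnpm.overrides;
    if (Object.keys(manifest.pnpm).length === 0) delete manifest.pnpm;
  }
  return { manifest, removed };
}

// Runs the four steps in `dir`. Not invoked automatically.
async function run(dir = process.cwd()) {
  const fs = await import("node:fs");
  const { spawnSync } = await import("node:child_process");
  const file = `${dir}/package.json`;
  const read = () => JSON.parse(fs.readFileSync(file, "utf8"));
  const pnpm = (...args) =>
    spawnSync("pnpm", args, { cwd: dir, stdio: "inherit" }).status;
  const install = () => {
    if (pnpm("install") !== 0) throw new Error("pnpm install failed");
  };

  const before = read();
  pnpm("audit", "--fix"); // 1. populate overrides
  install();              // 2. persist changes in the lockfile
  const { manifest, removed } = stripAuditOverrides(before, read());
  fs.writeFileSync(file, JSON.stringify(manifest, null, 2) + "\n"); // 3.
  install();              // 4. reinstall without the temporary overrides
  // A non-zero exit from a plain audit means advisories remain to review.
  return { removed, auditClean: pnpm("audit") === 0 };
}
```

Calling `run()` in a project directory returns the list of overrides that were applied and then removed, so they can be recorded in a commit message or reviewed alongside the lockfile diff.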