npm audit is a new feature, introduced with npm@6. It shows all the vulnerabilities your dependencies have (excluding peerDependencies).
You can disable the warning for single package installations with the '--no-audit' flag.
If you guys have used GitHub and have a long-running project, you might see something like this:
A big security vulnerability was found in one version of hoek, and it was resolved in a later version and onwards.
This is a classic example where npm audit fix can be used efficiently.
We can use npm ls hoek here to find out where this dependency is used.
Now we know the places where this dependency is used, and we have to fix it.
We just need to update the parent, and that will solve everything.
This is what npm audit fix does for us automatically. Watch the following video for more insight, or look into the official blog from npmjs.
21 - How to run a security audit with npm audit | npm Documentation
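The manual check described above (run npm ls hoek, then update the parent), as an added example that is not part of the original post: it walks a tree shaped like `npm ls hoek --json` output and lists the direct dependencies to update. The sample tree, every package name other than hoek, and all version numbers are constructed placeholders.

```javascript
// Constructed sample in the shape of `npm ls hoek --json` output.
// Package names other than hoek and all version numbers are placeholders.
const sampleLsOutput = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "example-http-client": {
      version: "2.0.0",
      dependencies: {
        "example-auth": {
          version: "3.0.0",
          dependencies: { hoek: { version: "0.0.1" } },
        },
        hoek: { version: "0.0.1" },
      },
    },
    "example-router": {
      version: "1.2.0",
      dependencies: { hoek: { version: "0.0.2" } },
    },
    hoek: { version: "0.0.2" },
  },
};

// Depth-first walk collecting every chain from the project root to `target`.
function findPaths(node, target, trail = []) {
  const paths = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) paths.push(here);
    paths.push(...findPaths(dep, target, here));
  }
  return paths;
}

// The first element of each chain is a direct dependency from package.json:
// that is the "parent" to update (or the target itself if installed directly).
function parentsToUpdate(tree, target) {
  const parents = new Set();
  for (const path of findPaths(tree, target)) {
    // lastIndexOf keeps scoped names such as @scope/pkg intact.
    parents.add(path[0].slice(0, path[0].lastIndexOf("@")));
  }
  return [...parents].sort();
}

for (const p of findPaths(sampleLsOutput, "hoek")) console.log(p.join(" > "));
console.log("update:", parentsToUpdate(sampleLsOutput, "hoek").join(", "));
```
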
Thank you all for reading. Please follow Codebrace.