blocks|key|384544|text|不是你想要的答案，但它也会这样做：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|384545|npm+audit+%7C+grep+-B+1+-A+10+High|code-block|syntax|javascript|384546|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Not the answer you are looking for, but it will do the same:
<pre><code>npm audit | grep -B 1 -A 10 High
</code></pre>

blocks|key|1496578|text|这个对我有用：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1496579|只显示高纯|offset|length|style|BOLD|1496580|npm+audit+%7C+grep+-E+"(High)"+-B3+-A10|code-block|syntax|javascript|1496581|展示了关键和高问题的|1496582|npm+audit+%7C+grep+-E+"(High+%7C+Critical)"+-B3+-A10|1496583|查看提出此解决方案的问题讨论。|1496584|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/npm/npm/issues/20596^0|0|0|5|0|0|0|A|0|0|A|2|0|0^^$0|@$1|2|3|4|5|6|7|10|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|11|8|@$D|12|E|13|F|G]]|9|@]|A|$]]|$1|H|3|I|5|J|7|14|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|15|8|@$D|16|E|17|F|G]]|9|@]|A|$]]|$1|O|3|P|5|J|7|18|8|@]|9|@]|A|$K|L]]|$1|Q|3|R|5|6|7|19|8|@]|9|@$D|1A|E|1B|1|1C]]|A|$]]|$1|S|3|-4|5|6|7|1D|8|@]|9|@]|A|$]]]|T|$U|$5|V|W|X|A|$Y|Z]]]]

This one worked for me:

Show High Only

<pre><code>npm audit | grep -E "(High)" -B3 -A10
</code></pre>

Show both Critical and High Issues

<pre><code>npm audit | grep -E "(High | Critical)" -B3 -A10
</code></pre>

Look at the <a href="https://github.com/npm/npm/issues/20596" rel="noreferrer">issue</a> discussion where this solution is proposed.

blocks|key|1496599|text|如果您希望在Powershell中执行此操作，只需使用以下命令(改编自@stayingcool的答案)：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1496600|只显示高纯|offset|length|style|BOLD|1496601|npm+audit+%7C+Select-String+-Pattern+"High"+-Context+0,10|code-block|syntax|javascript|1496602|显示高和关键的|1496603|npm+audit+%7C+Select-String+-Pattern+"(High+%7C+Critical)"+-Context+0,10|1496604|entityMap^0|0|0|5|0|0|0|7|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|T|8|@$D|U|E|V|F|G]]|9|@]|A|$]]|$1|H|3|I|5|J|7|W|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|X|8|@$D|Y|E|Z|F|G]]|9|@]|A|$]]|$1|O|3|P|5|J|7|10|8|@]|9|@]|A|$K|L]]|$1|Q|3|-4|5|6|7|11|8|@]|9|@]|A|$]]]|R|$]]

If your are looking to do it in Powershell, just use the following command (Adapted from @stayingcool's answer):

Show High Only

<pre><code>npm audit | Select-String -Pattern "High" -Context 0,10
</code></pre>

Show both High and Critical

<pre><code>npm audit | Select-String -Pattern "(High | Critical)" -Context 0,10
</code></pre>

blocks|key|1496617|text|编辑：我推荐这个(更好的)答案：https://stackoverflow.com/a/58056454/88111|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|1496618|它不那么漂亮，但你可以做到：|1496619|npm+audit+--parseable+%7C+grep+high|code-block|syntax|javascript|1496620|还有一个缺点是包含"high"的包/发行元数据也将被打印出来。|CODE|1496621|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/58056454/88111^0|0|3|G|16|0|0|0|0|9|6|0^^$0|@$1|2|3|4|5|6|7|X|8|@$9|Y|A|Z|B|C]]|D|@$9|10|A|11|1|12]]|E|$]]|$1|F|3|G|5|6|7|13|8|@]|D|@]|E|$]]|$1|H|3|I|5|J|7|14|8|@]|D|@]|E|$K|L]]|$1|M|3|N|5|6|7|15|8|@$9|16|A|17|B|O]]|D|@]|E|$]]|$1|P|3|-4|5|6|7|18|8|@]|D|@]|E|$]]]|Q|$R|$5|S|T|U|E|$V|W]]]]

Edit: I recommend this (better) answer: <a href="https://stackoverflow.com/a/58056454/88111">https://stackoverflow.com/a/58056454/88111</a>
It's not as pretty, but you can do:
<pre><code>npm audit --parseable | grep high
</code></pre>
With one additional downside being any package/issue metadata containing <code>&quot;high&quot;</code> will also be printed.

blocks|key|384735|text|--audit-level=high标志不改变npm审计的输出。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|384736|我将它发送到html以供报告，因此希望进一步清理它：|384737|npm+audit+%7C+grep+-E+"(High+%7C+Critical)"+-B3+-A11+--color=always+%7C+grep+-E+'┌%7C│%7C├%7C└'+--color=never|code-block|syntax|javascript|384738|但这将失去标题，并在底部“发现的漏洞”。我发现最简单的方法是只运行npm审计几次，并将所需的部分附加到文件中。|384739|最后的结果是这样的：|384740|npm+audit+%7C+grep+'==='+--color=never+>+temp.txt
npm+audit+%7C+grep+-E+"(High+%7C+Critical)"+-B3+-A11+--color=never+%7C+grep+-E+'┌%7C│%7C├%7C└'+--color=never+>>+temp.txt
npm+audit+%7C+grep+-E+"(found%7Cscanned+packages)"+--color=never+>>+temp.txt
cat+temp.txt|384741|或者作为一个吸引人的衬垫(lol)，它也删除了temp.txt文件：|384742|npm+audit+%7C+grep+'===+npm+audit'+--color=never+>+temp.txt;+npm+audit+%7C+grep+-E+"(High+%7C+Critical)"+-B3+-A11+--color=never+%7C+grep+-E+'┌%7C│%7C├%7C└'+--color=never+>>+temp.txt;+npm+audit+%7C+grep+-E+"(found%7Cscanned+packages)"+--color=never+>>+temp.txt;+cat+temp.txt;+rm+temp.txt;|384743|这条线很难看，但它可以很好地工作在一系列不同的repos上，前提是您只需要终端中的输出。|384744|当输出到一个文件，npm审计包括ansi颜色代码，不能关闭。这对我的报告来说是个问题！Sed可用于删除它们：|384745|sed+-i+''+$'s,\x1b\\[[0-9;]*[a-zA-Z],,g'+temp.txt|384746|entityMap^0|0|I|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|14|8|@$9|15|A|16|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|17|8|@]|D|@]|E|$]]|$1|H|3|I|5|J|7|18|8|@]|D|@]|E|$K|L]]|$1|M|3|N|5|6|7|19|8|@]|D|@]|E|$]]|$1|O|3|P|5|6|7|1A|8|@]|D|@]|E|$]]|$1|Q|3|R|5|J|7|1B|8|@]|D|@]|E|$K|L]]|$1|S|3|T|5|6|7|1C|8|@]|D|@]|E|$]]|$1|U|3|V|5|J|7|1D|8|@]|D|@]|E|$K|L]]|$1|W|3|X|5|6|7|1E|8|@]|D|@]|E|$]]|$1|Y|3|Z|5|6|7|1F|8|@]|D|@]|E|$]]|$1|10|3|11|5|J|7|1G|8|@]|D|@]|E|$K|L]]|$1|12|3|-4|5|6|7|1H|8|@]|D|@]|E|$]]]|13|$]]

The <code>--audit-level=high</code> flag doesn't change the output of npm audit.
I'm sending this to html for reporting purposes, so looking to clean it up further:
<pre><code>npm audit | grep -E &quot;(High | Critical)&quot; -B3 -A11 --color=always | grep -E '┌|│|├|└' --color=never
</code></pre>
But this will lose the title, and the 'found vulnerabilities' at the bottom. I found it simplest to just run npm audit a couple times and get the bits I need appended to a file.
Ended up going with something like this:
<pre><code>npm audit | grep '===' --color=never &gt; temp.txt
npm audit | grep -E &quot;(High | Critical)&quot; -B3 -A11 --color=never | grep -E '┌|│|├|└' --color=never &gt;&gt; temp.txt
npm audit | grep -E &quot;(found|scanned packages)&quot; --color=never &gt;&gt; temp.txt
cat temp.txt
</code></pre>
Or as a catchy one liner (lol) that also removes the temp.txt file:
<pre><code>npm audit | grep '=== npm audit' --color=never &gt; temp.txt; npm audit | grep -E &quot;(High | Critical)&quot; -B3 -A11 --color=never | grep -E '┌|│|├|└' --color=never &gt;&gt; temp.txt; npm audit | grep -E &quot;(found|scanned packages)&quot; --color=never &gt;&gt; temp.txt; cat temp.txt; rm temp.txt;
</code></pre>
The line is ugly but is working well across a bunch of different repos, provided you only need the output in the terminal.
When outputting to a file, npm audit includes ansi color codes, that can't be turned off. And this is a problem for my reports! Sed can be used to remove them:
<pre><code>sed -i '' $'s,\x1b\\[[0-9;]*[a-zA-Z],,g' temp.txt
</code></pre>

blocks|key|1621628|text|只是为了数一数高分：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1621629|npm+audit+%7C+grep+'High'+%7C+wc+-l+%7C+rev|code-block|syntax|javascript|1621630|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Just to count the High(s):

<pre><code>npm audit | grep 'High' | wc -l | rev
</code></pre>

blocks|key|384762|text|将这一行放入您的审计脚本中：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|384763|"audit":+"level=$(npm+audit+--parseable+%7C+grep+-E+'high%7Ccritical'+%7C+wc+-l+%7C+rev);+[+$level+==+0+]+&&+exit+0"|code-block|syntax|javascript|384764|此代码确实检查了npm+audit的输出。如果没有高漏洞或关键漏洞，则进程将不会因错误而退出。|offset|length|style|CODE|384765|entityMap^0|0|0|8|9|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@$I|R|J|S|K|L]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

Put this line into your audit scripts:
<pre><code>&quot;audit&quot;: &quot;level=$(npm audit --parseable | grep -E 'high|critical' | wc -l | rev); [ $level == 0 ] &amp;&amp; exit 0&quot;
</code></pre>
This code does check the output of <code>npm audit</code>. If there are no high or critical vulnerabilities the process will not exit with error.

blocks|key|1621606|text|这个包可能是您要寻找的：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1621607|https://www.npmjs.com/package/audit-filter|offset|length|1621608|它允许您按建议号进行过滤，这比按级别过滤要好。|1621609|$+cat+.nsprc
{
++"exceptions":+[
++++"https://npmjs.com/advisories/532",
++++"https://npmjs.com/advisories/577"
+++]
}|code-block|syntax|javascript|1621610|把它和用于审计级别的npm配置结合起来，你就很棒了。|1621611|entityMap|0|LINK|mutability|MUTABLE|url|1|https://docs.npmjs.com/misc/config#audit-level^0|0|0|16|0|0|0|0|3|C|1|0^^$0|@$1|2|3|4|5|6|7|X|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Y|8|@]|9|@$D|Z|E|10|1|11]]|A|$]]|$1|F|3|G|5|6|7|12|8|@]|9|@]|A|$]]|$1|H|3|I|5|J|7|13|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|14|8|@]|9|@$D|15|E|16|1|17]]|A|$]]|$1|O|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|C]]|V|$5|R|S|T|A|$U|W]]]]

This package might be what you are looking for: 

<a href="https://www.npmjs.com/package/audit-filter" rel="nofollow noreferrer">https://www.npmjs.com/package/audit-filter</a> 

It lets you filter by advisory number, which is better than filtering by level. 

<pre><code>$ cat .nsprc
{
 "exceptions": [
 "https://npmjs.com/advisories/532",
 "https://npmjs.com/advisories/577"
 ]
}
</code></pre>

Couple that with <a href="https://docs.npmjs.com/misc/config#audit-level" rel="nofollow noreferrer">npm config for audit level</a> and you're golden.

When you I execute <code>npm install</code> using new npm 6
i got a messages that tell me I have some vulnerabilities :
<blockquote>
[!] 75 vulnerabilities found [4867 packages audited]
Severity: 66 Low | 4 Moderate | 5 High
Run <code>npm audit</code> for more detail
</blockquote>
I ran <code>npm audit</code> but got a truncated list of vulnerabilities.
How I can check for only High vulnerabilities list ?
Thanks

How to check for only high vulnerabilities when using "npm audit"?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

EdgeOne AI 安全实战专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

当您使用新的vulnerabilities npm 6执行npm install时，我收到了一条消息，告诉我有一些：！75个漏洞发现4867个包已审计严重程度: 66低-4中度-5偏高运行npm audit获取更多详细信息我运行了npm audit，但是得到了一个被截断的漏洞列表。如何只检查高漏洞列表？谢谢

问如何在使用"npm审核“时只检查高漏洞？
EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在使用"npm审核“时只检查高漏洞？EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在使用"npm审核“时只检查高漏洞？
EN