tldr/pages/common/pnpm-audit.md

# pnpm audit

> Scan project dependencies.
> Check for known security issues with the installed packages.
> More information: <https://pnpm.io/cli/audit>.

- Identify vulnerabilities in the project:

`pnpm audit`

- Automatically fix vulnerabilities:

`pnpm audit fix`

- Generate a security report in JSON format:

`pnpm audit --json > {{path/to/audit-report.json}}`

- Audit only dev dependencies:

`pnpm audit {{[-D|--dev]}}`

- Audit only production dependencies:

`pnpm audit {{[-P|--prod]}}`

- Exclude optional dependencies from the audit:

`pnpm audit --no-optional`

- Ignore registry errors during the audit process:

`pnpm audit --ignore-registry-errors`

- Filter advisories by severity (low, moderate, high, critical):

`pnpm audit --audit-level {{severity}}`