**Qyv** @PhotonQyv · May 17, 2018, 14:50

**Qyv** @PhotonQyv · May 17, 2018, 14:50

Qyv @PhotonQyv

Think the whole Security Audit thing in #NPM is just another method to get developers to go mad, slowly.

Feel like I'm chasing my tail around and around, and around and not getting very far.

Updated to latest version of #Whalebird from #github and now I've got it down to 27 vulnerabilities, from 40, when previously I had it down to 14.

Think I'm going to start ignoring the audit info (may even just turn it off completely).

**Forrest Fuqua (JRWR)** @jrwr@mastodon.sdf.org · May 17, 2018, 14:50

**Forrest Fuqua (JRWR)** @jrwr@mastodon.sdf.org · May 17, 2018, 14:50

@PhotonQyv Im really surprised at the sheer number of libs being used by Node devs

**Qyv** @PhotonQyv · May 17, 2018, 14:55

**Qyv** @PhotonQyv · May 17, 2018, 14:55

@jrwr Since I don't even really know anything about #NPM or #Node, and while originally I thought I was helping, h3poteto@mstdn.io with #Whalebird I think I may just forget about PRing anything from now on.

A couple of code changes and the audit just gets ridiculous again.

If I mentioned #ADA would people know what I meant, I've never coded in that either, but I know it was a pain in't arse, apparently (;*

**Qyv** @PhotonQyv · 2018-05-17T15:04:27Z

Qyv @PhotonQyv

Oh bugger (;*

I've turned auditing off!:*

Shame!!

#NPM #Whalebird

May 17, 2018, 15:04 · whalebird · 0 · 0

**Qyv** @PhotonQyv · May 17, 2018, 15:11

**Qyv** @PhotonQyv · May 17, 2018, 15:11

Technical Note:

If you want to turn it off completely, and not just for a single install command you need:

npm set audit false (npm >= 5.1.0)

Or:

npm config set user-agent "npm/{npm-version} node/{node-version} {platform} {arch} no-audit" (npm < 5.1.0)

Source: Email from Kiera, Tech Support, npm, Inc