Enable audit command for enterprise registry npm
Jfrog Artifactory now fully support the 'npm audit' command (since version 6.10)
Furthermore, Using Jfrog Xray in combination with Artifactory will also enrich the audit report with more vulnerabilities and security info From Xray database.
https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.10
I have the same problem. We're using artifactory for private npm registry which doesn't support npm audit yet. Simplest solution which works for me is:
npm audit --registry=https://registry.npmjs.org
Alternative solution:
- backup config file for your private registry (most probably it's ~/.npmrc)
- change registry on public npm:
npm set registry https://registry.npmjs.org - use
npm audit/npm audit fix - revert private registry configuration back
Update 2020
In case of artifactory private npm registry - It does support npm audit now, so you can use npm audit / npm audit fix there without any additional configuration. But if your private npm registry still doesn't support npm audit – steps above will be valid for you.