bun audit - Bun

bun audit - BunDocumentation Index

Fetch the complete documentation index at: /docs/llms.txt

Use this file to discover all available pages before exploring further.

Skip to main contentBun home pageSearch...⌘KInstall BunSearch...NavigationPublishing & Analysisbun auditRuntimePackage ManagerBundlerTest RunnerGuidesReferenceBlogFeedback:first-child]:!hidden peer-[.is-custom]:[&>:first-child]:sm:!hidden peer-[.is-custom]:[&>:first-child]:md:!hidden peer-[.is-custom]:[&>:first-child]:lg:!hidden peer-[.is-custom]:[&>:first-child]:xl:!hidden">Core Commandsbun installbun addbun removebun updatebunxPublishing & Analysisbun publishbun outdatedbun whybun auditbun infoWorkspace ManagementWorkspacesCatalogsbun linkbun pmAdvanced Configurationbun patchbun --filterGlobal cacheGlobal virtual storeIsolated installsLockfileLifecycle scriptsScopes and registriesOverrides and resolutionsSecurity Scanner API.npmrc supportOn this pageFiltering options--jsonExit codePublishing & Analysisbun auditCopy pagespan]:line-clamp-1 overflow-hidden group flex items-center py-0.5 gap-1 text-sm text-gray-950/50 dark:text-white/50 group-hover:text-gray-950/70 dark:group-hover:text-white/70 rounded-none rounded-r-xl border px-3 border-gray-200 aspect-square dark:border-white/[0.07] bg-background-light dark:bg-background-dark hover:bg-gray-600/5 dark:hover:bg-gray-200/5" aria-label="More actions" type="button" id="radix-_R_n4ctdbsnlht5lebsnpfdb_" aria-haspopup="menu" aria-expanded="false" data-state="closed">*]:[overflow-wrap:anywhere]">

Check your installed packages for known security vulnerabilities

Copy pagespan]:line-clamp-1 overflow-hidden group flex items-center py-0.5 gap-1 text-sm text-gray-950/50 dark:text-white/50 group-hover:text-gray-950/70 dark:group-hover:text-white/70 rounded-none rounded-r-xl border px-3 border-gray-200 aspect-square dark:border-white/[0.07] bg-background-light dark:bg-background-dark hover:bg-gray-600/5 dark:hover:bg-gray-200/5" aria-label="More actions" type="button" id="radix-_R_1cctdbsnlht5lebsnpfdb_" aria-haspopup="menu" aria-expanded="false" data-state="closed">Run the command in a project with a bun.lock file: terminal

bun audit

Bun sends the list of installed packages and versions to NPM, and prints a report of any vulnerabilities that were found. Packages installed from registries other than the default registry are skipped. If no vulnerabilities are found, the command prints:

No vulnerabilities found

When vulnerabilities are detected, each affected package is listed along with the severity, a short description and a link to the advisory. At the end of the report Bun prints a summary and hints for updating:

3 vulnerabilities (1 high, 2 moderate)
To update all dependencies to the latest compatible versions:
bun update
To update all dependencies to the latest versions (including breaking changes):
bun update --latest

​Filtering options --audit-level= - Only show vulnerabilities at this severity level or higher: terminal

bun audit --audit-level=high

--prod - Audit only production dependencies (excludes devDependencies): terminal

bun audit --prod

--ignore - Ignore specific CVEs (can be used multiple times): terminal

bun audit --ignore CVE-2022-25883 --ignore CVE-2023-26136

​--json Use the --json flag to print the raw JSON response from the registry instead of the formatted report: terminal

bun audit --json

​Exit code bun audit will exit with code 0 if no vulnerabilities are found and 1 if the report lists any vulnerabilities. This will still happen even if --json is passed.

Was this page helpful?

YesNoSuggest editsRaise issuebun whyPreviousbun infoNext⌘IxgithubdiscordyoutubePowered byThis documentation is built and hosted on Mintlify, a developer documentation platform