Error when running in a project with private npm packages

[gabrielcipriano]

I recently added a private npm package to my project. Now when I run package-audit, it gives the following error:

This happens because some private registries doesn't supports npm audit yet (in my case, azure devOps artifacts)

azure's documentation suggests to run npm audit only on public packages :

npm audit --registry=https://registry.npmjs.org/

but when using npm-audit we are not able to pass arguments to the npm audit called internally.

Possible solutions:

• allow users to pass aditional arguments to the npm audit call:

  npm-audit --shouldWarn --moderate=8 -- --registry=https://registry.npmjs.org/

  obs: note the same syntax of passing aditional args to a npm run command (with everything after -- being passed to the npm audit command directly.

• solve only this particular case with a new flag (maybe --publicOnly), that internally adds --registry=https://registry.npmjs.org/ to the npm audit call:

  npm-audit --shouldWarn --moderate=8 --publicOnly

[acordiner92]

Hey Gabriel, thanks for reaching out to me. Interesting case you have there! Your first solution makes the most sense to me since it allows for flexibility in other potential situations in the future. I'll add the support for that in a new release. I should have something releasable in a couple of days :)

[gabrielcipriano]

Thats great! if there is anything that I could help, please reach me out