Is it possible to skip audit when building?

[tomekowal]

Hi!

Thanks for the great work on the buildpack. We're trying to reduce our build time on Heroku, and we saw messages like this in the output: audited 14931 packages in 14.128s Is it possible to reduce build time by skipping the auditing part?

[gjaldon]

Hi @tomekowal! That auditing part is a feature of npm. It added an npm audit command which automatically runs when doing npm install. The buildpack just runs npm install.

You can disable that. You can probably add a .npmrc file in your project's directory and add the following:

audit = false

Haven't tried the above though.

Links below might help: https://docs.npmjs.com/files/npmrc https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

[tomekowal]

I tested that, and it works like a charm! Thank you!

[tomekowal]

BTW, those 14s are not only audit time. npm sums up the time for audit and install, so the gain in build time was smaller than I expected.