npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

[BUG] npm ci should not do update available checks, show packages look for funding, or report vulnerabilities #7926

Closed AlvesJorge closed 21 hours ago

AlvesJorge commented 1 day ago

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

When running npm ci I get the message about NPM having an available update, packages that need funding, and vulnerability reports.

Aren't these useless in the scenarios where npm ci should be used?

automated environments such as test platforms, continuous integration, and deployment

I also wonder how much these affect performance.

Expected Behavior

When running npm ci I would expect it to not look for updates, packages that need funding, or vulnerability reports.

Steps To Reproduce

Run npm ci in any project with a package-lock.json

Environment

npm: 10.8.2
node: 20.18.0
os: mac / linux

wraithgar commented 21 hours ago

The npm update check runs in a way that does not block the runtime. If your process ends before the check does, npm exits before finishing.

Funding is not an extra check, that's metadata in the packages it already pulled.

Audits are an important part of the install process, and this is 100% intentional. You can disable them with --no-audit.
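As an added illustration (not part of the issue thread or the npm project's own files), the following .npmrc shows how a CI environment can silence the two cosmetic outputs discussed above while keeping the audit that the maintainer describes as intentional. The keys fund, update-notifier, audit and audit-level are documented npm configuration options; the trailing comment on audit-level is my own note, and the "weak" variant is shown only to contrast it with the recommended one.

```ini
; .npmrc committed alongside package-lock.json for CI runners

; --- weak variant: drops the vulnerability check entirely (equivalent to --no-audit) ---
; audit=false

; --- recommended variant: keep the audit, drop only the noise ---
; do not print the "packages are looking for funding" summary (same as --no-fund)
fund=false
; do not spawn the background "new npm version available" check
update-notifier=false
; keep the install-time audit so known-vulnerable dependencies are still reported
audit=true
; minimum severity at which a separate `npm audit` step exits non-zero;
; this does not change npm ci's own exit status, so run `npm audit` as an
; explicit pipeline stage if you want findings to fail the build
audit-level=high
```

With this file in place, npm ci still installs exactly what package-lock.json pins and still reports vulnerabilities, but the funding summary and the update notice no longer appear in CI logs. If the pipeline should block on findings rather than just print them, add a separate npm audit step after the install; the audit-level value above is what that step honours.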