# `mix npm.audit`
[🔗](https://github.com/elixir-volt/npm_ex/blob/v0.7.4/lib/mix/tasks/npm.audit.ex#L1)

Check installed packages for known security vulnerabilities.

    mix npm.audit
    mix npm.audit --compromised
    mix npm.audit --osv
    mix npm.audit --osv --write-cache
    mix npm.audit --osv --write priv/security/compromised_packages.json
    mix npm.audit --compromised
    mix npm.audit --compromised --db priv/security/compromised_packages.json
    mix npm.audit --compromised --format json

With no flags, queries the npm registry audit endpoint for vulnerability
advisories affecting packages in `npm.lock`.

`--compromised` checks `npm.lock` offline against a local OSV-format malicious
package database. `--osv` queries OSV.dev for malicious package advisories and
can optionally write matching advisories to a local database for future offline
checks.

---

*Consult [api-reference.md](api-reference.md) for complete listing*