runtime/reference/cli/audit.md
The deno audit command checks your project's dependencies for known security
vulnerabilities. It reads your lock file and reports any advisories found in
vulnerability databases.
Audit all dependencies:
deno audit
Show only high and critical severity vulnerabilities:
deno audit --level=high
Check against the socket.dev vulnerability database:
deno audit --socket
Ignore specific CVEs (useful for suppressing false positives or accepted risks):
deno audit --ignore=CVE-2024-12345,CVE-2024-67890
Ignore advisories that have no available fix:
deno audit --ignore-unfixable
Don't error if the audit data can't be retrieved from the registry:
deno audit --ignore-registry-errors