For discussion: outdated information in docs

[DanielRuf]

I was checking the current version of the docs and found some possibly outdated information.

npm audit is reserved for npm

This is not the case anymore, see yarnpkg/yarn#5808 and yarnpkg/yarn@49a157c

We just need a JSON representation of yarn.lock which is already possible.
https://github.com/npm/cli/blob/36682d4482cddee0acc55e8d75b3bee6e78fff37/lib/audit.js

npm audit installs a module even if it has vulnerabilities

Not really correct. You can run npm audit with only a lockfile. It does not install any package by itself. It just runs after a normal npm install when it can get the full deptree from the lockfile. See https://travis-ci.com/DanielRuf/audit-test/builds/112367931
https://github.com/imsnif/synp does the conversion for example

➜  test-npq rm -rf node_modules 
➜  test-npq npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 196 scanned packages
➜  test-npq ll
total 120
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer    28K May 20 09:00 package-lock.json
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer   163B May 20 08:59 package.json
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer    27K May 20 08:59 yarn.lock

➜  test-npq yarn audit
yarn audit v1.15.2
0 vulnerabilities found - Packages audited: 196
✨  Done in 0.64s.
➜  test-npq ll
total 120
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer    28K May 20 09:00 package-lock.json
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer   163B May 20 08:59 package.json
-rw-r--r--  1 druf  UEBERBIT\Domänen-Benutzer    27K May 20 08:59 yarn.lock

Maybe we can improve these parts in the docs =)

[lirantal]

🎉 This issue has been resolved in version 1.14.6 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀