Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>Npm audit
Npm audit

Npm audit

Jonas Stjernström

|
352 installs
| (1) | Free
Build task to run npm audit
Get it free

Build extension to run npm audit and fail the build on found vulnerabilities.

How to use

After installing the extension it will be available as a build task to add to your build pipelines.

After adding the task to a build pipeline you have to configure the task by setting the working directory npm audit will be run from, and the minimum level the task will fail at. The default level is set to High.

To add the task to a pipeline, the following options exist.

- task: npm-audit@1
  inputs:
    path: '$(Build.SourcesDirectory)'
    productionOnly: true
    recursive: true
    level: 'high'
    registry: 'my-registry'
    jsonOutput: true
    jsonOutputPath: 'path to export results'
    breakBuild: true
Variable Required Description
path Yes The path where to run the dotnet list package command
productionOnly No Should the scan skip dev dependencies, default is false
recursive No If all recursive package-lock.json files should be scanned, default is false
level Yes Which level a build will break on if vulnerabilities are found. Available options are low, moderate, high and critical, default is high
registry No Optional registry to use
jsonOutput No Output result as JSON
jsonOutputPath No Output JSON result to files in selected directory
breakBuild No If found vulnerabilities should break the build, otherwise it will emit a warning, default is true
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft