As an Enterprise admin, you can prevent the download of insecure packages. For example, this is useful for keeping vulnerable dependencies out of your applications. At the moment, you can choose from three different security policies:
All packages are allowed by default. To change your security policy:
If npm install attempts to download a package that violates the policy, developers will see an error similar to the following.
    $ npm i lodash@1.0.0
    npm notice Could not download lodash 1.0.0 due to policy violations. Use `npm audit fix` to upgrade this dependency.
    npm ERR! code E403
    npm ERR! 403 Forbidden - GET https://registry.npmjs.com/lodash/-/lodash-1.0.0.tgz
To fix this error, use npm audit fix to upgrade dependencies to versions that don't violate policy.
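The following is an added example, not part of npm's own tooling or this page: a small parser a CI job could run over captured npm output to detect the policy-violation message shown above and report which package and tarball URL the registry refused, so the failure can be surfaced as a policy block rather than a generic 403. The sample output it reads is constructed inline, and the regular expressions assume the message format quoted on this page.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of npm output for a blocked install (not captured from a real registry).
SAMPLE_NPM_OUTPUT = """\
npm notice Could not download lodash 1.0.0 due to policy violations. Use `npm audit fix` to upgrade this dependency.
npm ERR! code E403
npm ERR! 403 Forbidden - GET https://registry.npmjs.com/lodash/-/lodash-1.0.0.tgz
"""

# Assumed message format, taken from the error shown on this page.
# The package name may be scoped (e.g. @scope/name), so \S+ is used rather than \w+.
POLICY_NOTICE = re.compile(
    r"^npm notice Could not download (?P<name>\S+) (?P<version>\S+) due to policy violations\."
)
FORBIDDEN_GET = re.compile(r"^npm ERR! 403 Forbidden - GET (?P<url>\S+)$")
ERROR_CODE = re.compile(r"^npm ERR! code (?P<code>\S+)$")


def parse_policy_violations(output: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per package the registry policy refused to serve.

    Each record carries the package name, the requested version and, when the
    matching 403 line follows, the tarball URL that was denied. Output that
    contains no policy notice (for example a plain network error) yields [].
    """
    blocked: List[Dict[str, Optional[str]]] = []
    current: Optional[Dict[str, Optional[str]]] = None
    for line in output.splitlines():
        m = POLICY_NOTICE.match(line)
        if m:
            current = {"name": m.group("name"), "version": m.group("version"), "url": None}
            blocked.append(current)
            continue
        m = FORBIDDEN_GET.match(line)
        if m and current is not None:
            current["url"] = m.group("url")
            current = None  # the 403 line closes this package's record
    return blocked


def is_policy_block(output: str) -> bool:
    """True only when a policy notice is present alongside the E403 code.

    A bare 403 without the notice is treated as an ordinary registry error,
    so unrelated authentication failures are not mislabelled as policy hits.
    """
    codes = {m.group("code") for m in map(ERROR_CODE.match, output.splitlines()) if m}
    return bool(parse_policy_violations(output)) and "E403" in codes


if __name__ == "__main__":
    for rec in parse_policy_violations(SAMPLE_NPM_OUTPUT):
        print(f"policy blocked {rec['name']}@{rec['version']} ({rec['url']}); run: npm audit fix")
```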