Is it possible to skip audit when building?

Question

Is it possible to skip audit when building?

Closed this issue 5 years ago · 3 comments

Hi!

Thanks for the great work on the buildpack.
We're trying to reduce our build time on Heroku, and we saw messages like this in the output:
audited 14931 packages in 14.128s
Is it possible to reduce build time by skipping the auditing part?

Answer 1 · 2019-07-16T19:04:46.000Z

Hi @tomekowal! That auditing part is a feature of npm. It added an npm audit command which automatically runs when doing npm install. The buildpack just runs npm install.

You can disable that. You can probably add a .npmrc file in your project's directory and add the following:

audit = false

Haven't tried the above though.

Links below might help:
https://docs.npmjs.com/files/npmrc
https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

Answer 2 · 2019-07-17T06:07:21.000Z

I tested that, and it works like a charm!
Thank you!

Answer 3 · 2019-07-17T11:02:56.000Z

BTW, those 14s are not only audit time. npm sums up the time for audit and install, so the gain in build time was smaller than I expected.