FIELD | DESCRIPTION | TYPE | DEFAULT VALUE(S) | ALLOWED VALUE(S) |
---|---|---|---|---|
enabled | describes whether this part of the policy is enabled or not | Boolean | true | true, false |
_compensatingControl | describes whether there is some other tool or process in place to handle this | Boolean | false | true, false |
auditOptions | which tools are available to conduct a dependency audit | String Array | [ “npm audit”, “snyk”] | “npm audit”, “snyk”* |
autoFix | whether or not you want any of the tools defined in auditOptions to fix any vulnerabilities found** | Boolean | false | true, false |
pathToReport | where you want the results of the audit to be recorded | String | “/var/log/npm-audits/” | |
* requires an account on snyk.io. You can get that here
** setting this value to true may introduce breaking changes to your dependencies. We recommend that you review each recommended fix before accepting it.