Open
Labels: Bug (thing that needs fixing), Needs Triage (needs review for next steps)
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
npm audit returns different output when run multiple times. This makes it harder to use tools like https://www.npmjs.com/package/audit-ci and causes flaky pipelines. Also adding --package-lock-only doesn't help.
Expected Behavior
Consistent output.
Steps To Reproduce
- Clone https://github.com/rfalke-rtl/npm-audit-bug
- Run test-audit-consistency.sh
Sample output:
> ./test-audit-consistency.sh
Testing npm audit consistency with 10 runs...
Output directory: /var/folders/4j/d6nz8zr94rn70ypkm8x9gz400000gp/T/tmp.AE03msU4fZ
NPM version: 11.6.2
Run 1: 48b12ee627b9196b18be0df697befd3b01c9161c98a667b202a552d84e126e2b
Run 2: dabd5714c076ddfaeb7bc9a61d5e1ec0caf427aac093ceff67306dc35ec78e89
Run 3: dabd5714c076ddfaeb7bc9a61d5e1ec0caf427aac093ceff67306dc35ec78e89
Run 4: dd931c0f1e61d1c0f1c46c70c658dff994989335e20ef246d1a2b7eeea2f4b6f
Run 5: dabd5714c076ddfaeb7bc9a61d5e1ec0caf427aac093ceff67306dc35ec78e89
Run 6: dabd5714c076ddfaeb7bc9a61d5e1ec0caf427aac093ceff67306dc35ec78e89
Run 7: 9cd40f46c82d516515c3d6751e84c236cd0352386b807a56ae5a2eaa2e72e329
Run 8: 9cd40f46c82d516515c3d6751e84c236cd0352386b807a56ae5a2eaa2e72e329
Run 9: f16ffc6fd65bd24fa6ae765c406047db3c5e084e5bfab6496944e59f6169ffb8
Run 10: dabd5714c076ddfaeb7bc9a61d5e1ec0caf427aac093ceff67306dc35ec78e89
Environment
- npm: 11.6.2
- Node.js: v20.19.6
- OS Name: MacOS 26.2
- npm config:
legacy-peer-deps = false
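
One way to tell whether two differing runs like those above disagree on findings or only on ordering, as an added example that is not part of the original issue or of npm. It assumes the `npm audit --json` report layout with a top-level `vulnerabilities` object keyed by package name, treats arrays as unordered, and uses constructed reports with hypothetical package names.

```javascript
// Added example (not from the issue): classify how two `npm audit --json` runs differ.
// Assumption: each report has a top-level `vulnerabilities` object keyed by package name.

// Sort object keys and array elements so ordering cannot affect the comparison.
function canonicalize(value) {
  if (Array.isArray(value)) {
    return value.map(canonicalize).sort((a, b) => {
      const x = JSON.stringify(a), y = JSON.stringify(b);
      return x < y ? -1 : x > y ? 1 : 0;
    });
  }
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.keys(value).sort().map((k) => [k, canonicalize(value[k])]));
  }
  return value;
}

// Returns a verdict plus the packages that are missing from or differ between runs.
function compareRuns(a, b) {
  const va = a.vulnerabilities || {}, vb = b.vulnerabilities || {};
  const same = (p) =>
    JSON.stringify(canonicalize(va[p])) === JSON.stringify(canonicalize(vb[p]));
  const result = {
    verdict: 'identical',
    onlyInA: Object.keys(va).filter((p) => !Object.hasOwn(vb, p)).sort(),
    onlyInB: Object.keys(vb).filter((p) => !Object.hasOwn(va, p)).sort(),
    changed: Object.keys(va).filter((p) => Object.hasOwn(vb, p) && !same(p)).sort(),
  };
  if (result.onlyInA.length || result.onlyInB.length || result.changed.length) {
    result.verdict = 'findings-differ'; // a pipeline gate could pass or fail by chance
  } else if (JSON.stringify(va) !== JSON.stringify(vb)) {
    result.verdict = 'ordering-only';   // hashes differ, findings do not
  }
  return result;
}

// Constructed sample reports (hypothetical package names, not real advisories).
const advisory = { severity: 'high', via: [{ title: 'constructed advisory' }], nodes: ['node_modules/pkg-b'] };
const runA = { vulnerabilities: {
  'pkg-a': { severity: 'high', via: ['pkg-b', 'pkg-c'], nodes: ['node_modules/pkg-a'] },
  'pkg-b': advisory,
} };
const runB = { vulnerabilities: { // same findings as runA, different key and array order
  'pkg-b': { nodes: ['node_modules/pkg-b'], via: [{ title: 'constructed advisory' }], severity: 'high' },
  'pkg-a': { via: ['pkg-c', 'pkg-b'], nodes: ['node_modules/pkg-a'], severity: 'high' },
} };
const runC = { vulnerabilities: { 'pkg-b': advisory } }; // pkg-a finding is missing

console.log(compareRuns(runA, runB).verdict, compareRuns(runA, runC));
```

A `findings-differ` verdict between runs against an unchanged lockfile is the case that makes a gate such as audit-ci flaky; `ordering-only` can be absorbed by hashing the canonicalized report instead of the raw output.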