At least a specially crafted package-lock.json file and probably package.json with dependencies.

Maybe it's possible (c1c6ddc should help experimenting):

(Thu, 11 Nov 2021 12:25:58 +0200)
[pashev@life:~/tmp/npm]
# cat package.json 
{
  "name": "cor-convert",
  "description": "Plain color conversion functions",
  "version": "2.0.1",
  "author": "Heather Arthur <fayearthur@gmail.com>",
  "license": "MIT",
  "repository": "Qix-/color-convert",
  "files": [
    "index.js",
    "conversions.js",
    "route.js"
  ],
  "dependencies": {
    "color-name": "file:/nix/store/2k0qqdcf64mdv80hnnakpxrvkjwi99fr-nodejs-14.17.3-color-name-1.1.4"
  }
}

(Thu, 11 Nov 2021 12:26:06 +0200)
[pashev@life:~/tmp/npm]
# rm -rf node_modules/

(Thu, 11 Nov 2021 12:26:28 +0200)
[pashev@life:~/tmp/npm]
# /nix/store/vx4kv0wl3n4xk5cq6l9ilvmhmvqz1fp9-nodejs-14.17.3/bin/npm i
added 1 package from 1 contributor and audited 1 package in 0.951s
found 0 vulnerabilities


(Thu, 11 Nov 2021 12:26:32 +0200)
[pashev@life:~/tmp/npm]
# find -ls
 16326662      4 drwxr-xr-x   3 pashev   pashev       4096 nov 11 12:26 .
 16259526      4 -rw-r--r--   1 pashev   pashev        256 nov 11 12:26 ./package-lock.json
 16259621      4 -r--r--r--   1 pashev   pashev        411 nov 11 12:23 ./package.json
 16326663      4 drwxr-xr-x   2 pashev   pashev       4096 nov 11 12:26 ./node_modules
 16256609      4 lrwxrwxrwx   1 pashev   pashev         89 nov 11 12:26 ./node_modules/color-name -> ../../../../../nix/store/2k0qqdcf64mdv80hnnakpxrvkjwi99fr-nodejs-14.17.3-color-name-1.1.4

(Thu, 11 Nov 2021 12:26:37 +0200)
[pashev@life:~/tmp/npm]
# /nix/store/vx4kv0wl3n4xk5cq6l9ilvmhmvqz1fp9-nodejs-14.17.3/bin/npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 1 scanned package

npm audit support #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

`npm audit` support #2