bun.lock file:
terminal
Filtering options
--audit-level=<low|moderate|high|critical> - Only show vulnerabilities at this severity level or higher:
terminal
--prod - Audit only production dependencies (excludes devDependencies):
terminal
--ignore <CVE> - Ignore specific CVEs (repeat the flag to ignore several):
terminal
--json
Use the --json flag to print the raw JSON response from the registry instead of the formatted report:
terminal
Exit code
bun audit exits with code 0 if no vulnerabilities are found and 1 if the report lists any, including when --json is passed.