yarnpkg · arcanis · Oct 20, 2021 · Oct 17, 2021 · Oct 18, 2021 · Oct 19, 2021
diff --git a/.yarn/versions/d0edcb62.yml b/.yarn/versions/d0edcb62.yml
@@ -0,0 +1,8 @@
+releases:
+  "@yarnpkg/plugin-npm": minor
+  "@yarnpkg/plugin-npm-cli": minor
+
+declined:
+  - "@yarnpkg/plugin-compat"
+  - "@yarnpkg/cli"
+  - "@yarnpkg/core"
diff --git a/packages/plugin-npm-cli/sources/commands/npm/audit.ts b/packages/plugin-npm-cli/sources/commands/npm/audit.ts
@@ -96,7 +96,7 @@ export default class AuditCommand extends BaseCommand {
       dependencies,
     };
 
-    const registry = npmConfigUtils.getPublishRegistry(workspace.manifest, {
+    const registry = npmConfigUtils.getAuditRegistry(workspace.manifest, {
       configuration,
     });
 
@@ -106,7 +106,7 @@ export default class AuditCommand extends BaseCommand {
       stdout: this.context.stdout,
     }, async () => {
       result = ((await npmHttpUtils.post(`/-/npm/v1/security/audits/quick`, body, {
-        authType: npmHttpUtils.AuthType.NO_AUTH,
+        authType: npmHttpUtils.AuthType.BEST_EFFORT,
         configuration,
         jsonResponse: true,
         registry,

diff --git a/packages/plugin-npm-cli/sources/npmAuditUtils.ts b/packages/plugin-npm-cli/sources/npmAuditUtils.ts
@@ -183,7 +183,7 @@ export function getReportTree(result: npmAuditTypes.AuditResponse, severity?: np
         },
         Recommendation: {
           label: `Recommendation`,
-          value: formatUtils.tuple(formatUtils.Type.NO_HINT, advisory.recommendation.replace(/\n/g, ` `)),
+          value: formatUtils.tuple(formatUtils.Type.NO_HINT, advisory.recommendation?.replace(/\n/g, ` `)),
         },
       },
     };

diff --git a/packages/plugin-npm/sources/index.ts b/packages/plugin-npm/sources/index.ts
@@ -34,6 +34,11 @@ const authSettings = {
 };
 
 const registrySettings = {
+  npmAuditRegistry: {
+    description: `Registry to query for audit reports`,
+    type: SettingsType.STRING as const,
+    default: null,
+  },
   npmPublishRegistry: {
     description: `Registry to push packages to`,
     type: SettingsType.STRING as const,
@@ -52,6 +57,7 @@ declare module '@yarnpkg/core' {
     npmAuthIdent: string | null;
     npmAuthToken: string | null;
 
+    npmAuditRegistry: string | null;
     npmPublishRegistry: string | null;
     npmRegistryServer: string;
 

diff --git a/packages/plugin-npm/sources/npmConfigUtils.ts b/packages/plugin-npm/sources/npmConfigUtils.ts
@@ -1,6 +1,7 @@
 import {Configuration, Manifest, Ident} from '@yarnpkg/core';
 
 export enum RegistryType {
+  AUDIT_REGISTRY = `npmAuditRegistry`,
   FETCH_REGISTRY = `npmRegistryServer`,
   PUBLISH_REGISTRY = `npmPublishRegistry`,
 }
@@ -14,8 +15,12 @@ export function normalizeRegistry(registry: string) {
   return registry.replace(/\/$/, ``);
 }
 
+export function getAuditRegistry(manifest: Manifest, {configuration}: {configuration: Configuration}) {
+  return getDefaultRegistry({configuration, type: RegistryType.AUDIT_REGISTRY});
+}
+
 export function getPublishRegistry(manifest: Manifest, {configuration}: {configuration: Configuration}) {
-  if (manifest.publishConfig && manifest.publishConfig.registry)
+  if (manifest.publishConfig?.registry)
     return normalizeRegistry(manifest.publishConfig.registry);
 
   if (manifest.name)