dotnet list package --vulnerable NuGetAuditSuppress is a quick but heavy-handed tool. It should be used temporarily or very selectively in non-production builds. For most teams, adjusting NuGetAuditLevel or explicitly fixing vulnerable packages is a safer, more maintainable approach. If you must suppress, document the reason and set a reminder to revisit. Recommendation: Avoid NuGetAuditSuppress=true in CI/CD or release builds. Prefer NuGetAudit=false if you must skip auditing, and use dedicated software composition analysis (SCA) tools for proper vulnerability management.
dotnet restore --verbosity detailed | grep "Audit" Or list vulnerabilities regardless of suppression: nugetauditsuppress
warning NU1901: Package 'Newtonsoft.Json' 12.0.1 has a known critical vulnerability. This audit is controlled by two main properties: nugetauditsuppress