diff --git a/lib/manager/npm/post-update/lerna.js b/lib/manager/npm/post-update/lerna.js
index 32b8f339d86fb177436e486e1990d9cfccc6c943..ca973b6f29fd29b4859f75306719e9cac0bf4b29 100644
--- a/lib/manager/npm/post-update/lerna.js
+++ b/lib/manager/npm/post-update/lerna.js
@@ -28,7 +28,7 @@ async function generateLockFiles(lernaClient, tmpDir, env) {
     logger.debug('Using lerna version ' + lernaVersion);
     const params =
       lernaClient === 'npm'
-        ? '--package-lock-only'
+        ? '--package-lock-only --no-audit'
         : '--ignore-scripts --ignore-engines --ignore-platform --mutex network:31879';
     cmd = `find . && ${lernaClient} install ${params} && npx lerna@${lernaVersion} bootstrap -- ${params}`;
     logger.debug({ cmd });
diff --git a/lib/manager/npm/post-update/npm.js b/lib/manager/npm/post-update/npm.js
index 24abea6264b04c157544f8b61d62079cd94b6012..965e5beb4e3905f4dc7bc3d281b51dcbb9f7b406 100644
--- a/lib/manager/npm/post-update/npm.js
+++ b/lib/manager/npm/post-update/npm.js
@@ -53,7 +53,7 @@ async function generateLockFile(tmpDir, env, filename) {
       }
     }
     logger.debug(`Using npm: ${cmd}`);
-    cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only && find .`;
+    cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only --no-audit && find .`;
     // TODO: Switch to native util.promisify once using only node 8
     ({ stdout, stderr } = await exec(cmd, {
       cwd: tmpDir,