For anyone who didn’t see it:
https://docs.npmjs.com/getting-started/running-a-security-audit
The npm audit command submits a description of the dependencies configured in your package to your default registry and asks for a report of known vulnerabilities. npm audit checks direct dependencies, devDependencies, bundledDependencies, and optionalDependencies, but does not check peerDependencies.
To use it:
$ npm install npm@latest -g
Then cd into a project and run:
$ npm audit
Sample output:
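
On the coverage note above (peerDependencies are not checked): the following is an added example, not part of the original post and not npm audit output. It lists which packages in a manifest sit only in peerDependencies and so fall outside the audit as described. The function names and the sample manifest are constructed for illustration.

```javascript
// Sections npm audit checks, per the description quoted in the post.
const AUDITED_SECTIONS = [
  "dependencies",
  "devDependencies",
  "bundledDependencies",
  "optionalDependencies",
];

// Return package names from one manifest section.
// bundledDependencies is an array of names; the others map name -> range.
function namesIn(section) {
  if (Array.isArray(section)) return section;
  if (section && typeof section === "object") return Object.keys(section);
  return [];
}

// Split a parsed package.json into packages the audit covers and
// peerDependencies that appear in no audited section.
function auditCoverage(manifest) {
  const audited = new Map(); // name -> audited sections it appears in
  for (const key of AUDITED_SECTIONS) {
    for (const name of namesIn(manifest[key])) {
      if (!audited.has(name)) audited.set(name, []);
      audited.get(name).push(key);
    }
  }
  const peers = namesIn(manifest.peerDependencies);
  return {
    audited: Object.fromEntries(audited),
    peerOnly: peers.filter((n) => !audited.has(n)).sort(),
  };
}

// Constructed sample manifest (package names are placeholders).
const sampleManifest = {
  name: "example-plugin",
  dependencies: { "left-helper": "^1.2.0" },
  devDependencies: { "host-framework": "^4.0.0", "test-runner": "^9.1.0" },
  bundledDependencies: ["left-helper"],
  optionalDependencies: { "native-accel": "^0.3.1" },
  peerDependencies: { "host-framework": ">=4", "host-router": ">=2" },
};

const report = auditCoverage(sampleManifest);
console.log("peerDependencies not covered by npm audit:", report.peerOnly);
```

A peer dependency that is also listed under devDependencies (a common pattern for plugins) is still covered through that section; only the names in peerOnly need a separate check.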