Scanning for known vulnerabilities

The nsp package (https://www.npmjs.com/package/nsp) scans a package.json or npm-shrinkwrap.json, looking for known vulnerabilities. The company behind that package maintains a database of known vulnerable packages, which the nsp tool queries.

Starting with npm version 6, the nsp functionality has been folded into npm itself as the npm audit command. nsp is a command-line tool you run like so:

$ npm install nsp
$ ./node_modules/.bin/nsp check
(+) 3 vulnerabilities found
┌────────────┬────────────────────────────────────────────────────────────────────┐
│            │ Regular Expression Denial of Service                               │
├────────────┼────────────────────────────────────────────────────────────────────┤
│       Name │ mime                                                               │
├────────────┼────────────────────────────────────────────────────────────────────┤
...
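Added example (not code from the book): a small Node.js script that takes the JSON an audit produces and turns it into a pass/fail decision a CI step could act on, so a finding like the mime ReDoS above blocks a build only when it meets the severity you choose. It assumes the two report shapes npm audit --json has used (npm 6 "advisories", npm 7+ "vulnerabilities"); the embedded reports, versions and the send dependency are constructed placeholders, not real audit output.

```javascript
// Constructed sample reports (not real audit output): the mime ReDoS finding
// shown above, in the two shapes `npm audit --json` has used. Versions are placeholders.
const SAMPLE_REPORT_NPM6 = {              // npm 6: top-level "advisories" keyed by id
  advisories: {
    '0': { module_name: 'mime', severity: 'moderate',
           title: 'Regular Expression Denial of Service' },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 0, critical: 0 } },
};
const SAMPLE_REPORT_NPM7 = {              // npm 7+: "vulnerabilities" keyed by package
  auditReportVersion: 2,
  vulnerabilities: {
    mime: { name: 'mime', severity: 'moderate', effects: ['send'],
            via: [{ name: 'mime', severity: 'moderate', range: '<1.0.1',
                    title: 'Regular Expression Denial of Service' }] },
    send: { name: 'send', severity: 'moderate', via: ['mime'], effects: [] },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 2, high: 0, critical: 0 } },
};
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Normalise either report shape into one flat list of { name, severity, title }.
function listFindings(report) {
  const out = [];
  for (const adv of Object.values(report.advisories || {})) {
    out.push({ name: adv.module_name, severity: adv.severity, title: adv.title });
  }
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    // Objects in `via` are advisories; strings name the dependency that
    // actually carries the flaw (a transitive finding).
    const via = vuln.via || [];
    const direct = via.find((v) => typeof v === 'object');
    out.push({ name: vuln.name, severity: vuln.severity,
               title: direct ? direct.title : `via ${via.join(', ')}` });
  }
  return out;
}
// Findings at or above the threshold. A severity label the table does not
// know ranks as critical, so a new label cannot slip past the gate.
function findingsAtOrAbove(report, threshold) {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  return listFindings(report).filter((f) => (SEVERITY_RANK[f.severity] ?? 4) >= min);
}
// Exit code a CI step would return: 0 lets the build continue, 1 blocks it.
function auditGate(report, threshold = 'high') {
  const blocking = findingsAtOrAbove(report, threshold);
  for (const f of blocking) console.log(`${f.severity.toUpperCase()} ${f.name}: ${f.title}`);
  return blocking.length === 0 ? 0 : 1;
}
```

In a real pipeline the report object comes from parsing the stdout of npm audit --json; the threshold is the only policy knob.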

Get Node.js Web Development - Fourth Edition now with the O’Reilly learning platform.
