Anyone know of a published tool/script to check for the existence of any of the vulnerable npm packages? I don't see anything like that on the StepSecurity page.
This won’t protect against everything, but it still seems like a good idea to implement:
https://github.com/danielroe/provenance-action
`npm audit` for known issues
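The kind of check asked about at the top of this thread, as an added example that is not part of the original comments or any published tool: it walks a parsed `package-lock.json` (v1 tree or v2/v3 `packages` map) and reports entries matching a name-and-version list. The `BAD` list, the sample lockfile and all function names are constructed placeholders; fill `BAD` from the advisory you are tracking.

```javascript
// Added example: flag lockfile entries that match known-bad name@version pairs.
// BAD holds constructed placeholders; fill it from the advisory you are tracking.
const BAD = { "example-bad-pkg": ["1.2.3"], "@example/scoped-bad": ["4.5.6", "4.5.7"] };

// Yield [name, version, installPath] for each package recorded in a parsed lockfile.
function* installed(lock) {
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path || !meta.version) continue; // skip root and workspace links
      const i = path.lastIndexOf("node_modules/");
      // meta.name is set when the folder name differs from the package (npm aliases).
      yield [meta.name || (i < 0 ? path : path.slice(i + 13)), meta.version, path];
    }
  } else {
    yield* walkV1(lock.dependencies || {}, ""); // lockfileVersion 1: nested tree
  }
}

function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps)) {
    const where = `${prefix}node_modules/${name}`;
    if (meta.version) yield [name, meta.version, where];
    yield* walkV1(meta.dependencies || {}, `${where}/`);
  }
}

function findBad(lock, bad = BAD) {
  // Flatten to "name@version" strings so lookups never touch object prototypes.
  const known = new Set(Object.entries(bad).flatMap(([n, vs]) => vs.map((v) => `${n}@${v}`)));
  const hits = [];
  for (const [name, version, where] of installed(lock)) {
    if (known.has(`${name}@${version}`)) hits.push({ name, version, where });
  }
  return hits;
}

// Constructed sample in lockfileVersion 3 shape, for trying findBad(SAMPLE_LOCK).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/left-ok": { version: "2.0.0" },
  "node_modules/example-bad-pkg": { version: "1.2.3" },
  "node_modules/left-ok/node_modules/@example/scoped-bad": { version: "4.5.7" },
  "node_modules/alias": { name: "example-bad-pkg", version: "1.2.2" },
} };

if (process.argv[2]) { // usage: node check-lock.js path/to/package-lock.json
  const lock = JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"));
  const hits = findBad(lock);
  for (const h of hits) console.log(`${h.name}@${h.version} at ${h.where}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

Because it reads the lockfile rather than the registry, it reports what is pinned for install, including transitive dependencies, and exits non-zero on a match so it can gate a CI job.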