Enter the tools...
- snyk (https://snyk.io/) - Snyk requires that you install all packages for the project, and then it will scan them looking for known CVEs and advisories using their curated database
- nsp (https://nodesecurity.io/) - NSP scans your project's package.json file and searches for known vulnerabilities using their curated database
Using Node Security Platform (nsp)
Feel free to share your thoughts or questions in the comments below.