brodybits

Reputation: 541

What is the best way to check npm dependencies for security issues?

Specifically: what is the best way to check all dependencies including nested dependencies of packages listed in dependencies, peerDependencies, and devDependencies declared in package.json when using node.js?

The results of https://www.google.com/search?q=npm+check+dependencies+security do not look satisfactory so far.

Upvotes: 0

Views: 1113

Answers (2)

magnump0

Reputation: 2566

Most recently, npm audit was introduced. I tested snyk 2-3 years ago, and can't say anything positive or negative about its current state. There are other tools as well, and other ways of finding out about vulnerable packages. I would suggest watching the talk "Analysis of an Exploited NPM Package" by Jarrod Overson. Useful just to understand that there are always ways to exploit package repositories, especially ones full of open-source :)

Upvotes: 1
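npm audit, which the answer above mentions, checks the whole installed tree recorded in package-lock.json, so nested dependencies are covered; what it does not do is decide which findings should block a build. The following is an added example, not code from either answer or from npm itself, that reads the JSON report `npm audit --json` writes and applies a severity threshold. The report it uses is a constructed sample; its package names and advisory URLs are placeholders.

```javascript
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
// Constructed sample in the npm 7+ (auditReportVersion 2) layout; package
// names and advisory URLs are placeholders, not real advisories.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    // Transitive package that carries the actual advisory.
    "deep-util": {
      name: "deep-util", severity: "critical", isDirect: false, range: "<2.0.1",
      via: [{ title: "Prototype Pollution", url: "https://example.invalid/advisory/1",
              severity: "critical", range: "<2.0.1" }],
      effects: ["cli-wrapper"], fixAvailable: true,
    },
    // Direct dependency that is vulnerable only because it pulls in deep-util.
    "cli-wrapper": {
      name: "cli-wrapper", severity: "critical", isDirect: true, range: "1.0.0 - 1.3.2",
      via: ["deep-util"], effects: [], fixAvailable: true,
    },
    // Direct dependency with its own moderate advisory and no fix published yet.
    "helper-lib": {
      name: "helper-lib", severity: "moderate", isDirect: true, range: "*",
      via: [{ title: "ReDoS", url: "https://example.invalid/advisory/2",
              severity: "moderate", range: "*" }],
      effects: [], fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 0, critical: 2, total: 3 } },
};
// Everything at or above `threshold`, most severe first; among equals, direct
// dependencies before transitive ones, since those are what package.json can
// pin or replace. In `via`, objects are advisories, strings name the dependency
// the problem is inherited from.
function triageAudit(report, threshold = "high") {
  const minRank = SEVERITY_RANK[threshold];
  if (minRank === undefined) throw new Error(`unknown severity: ${threshold}`);
  const findings = [];
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    if ((SEVERITY_RANK[v.severity] ?? -1) < minRank) continue;
    findings.push({
      name, severity: v.severity, direct: Boolean(v.isDirect), range: v.range,
      fixAvailable: v.fixAvailable !== false,
      advisories: v.via.filter((x) => typeof x === "object").map((a) => a.url),
      inheritedFrom: v.via.filter((x) => typeof x === "string"),
    });
  }
  findings.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]
                       || Number(b.direct) - Number(a.direct));
  return { failed: findings.length > 0, findings };
}
```

Write the real report with `npm audit --json > audit.json` and pass the parsed file to `triageAudit`; npm itself exits non-zero whenever it finds any advisory at all, so the threshold here is what makes the gate selective.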

alejandro estrada

Reputation: 504

You can try Snyk

Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Upvotes: 3
