Vulnerability Scan

For 99.999% of cases, npm audit is more than enough. It’s a result of the acquisition of ^Lift Security and the Node Security Platform by NPM, and it has its own database, which is more specific and relevant for JavaScript.
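As an added example (not from the original article), the script below shows one way to turn `npm audit --json` output into a build gate that also reports whether each finding is direct and fixable. It assumes the npm 7+ report layout (`auditReportVersion: 2`); the sample report, package names and advisory URLs are constructed, and `evaluateAudit` is a hypothetical helper name.

```javascript
// Severity levels as npm audit reports them, lowest to highest.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample report, trimmed to the fields used below (assumed npm 7+ layout).
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: true,
      via: [{ title: 'Prototype pollution (constructed)', url: 'https://example.invalid/advisory/1' }],
      range: '<2.3.1', fixAvailable: true,
    },
    'example-web': {
      name: 'example-web', severity: 'high', isDirect: true,
      via: ['example-parser'], range: '<=1.0.0',
      fixAvailable: { name: 'example-web', version: '2.0.0', isSemVerMajor: true },
    },
    'example-logger': {
      name: 'example-logger', severity: 'low', isDirect: false,
      via: [{ title: 'ReDoS (constructed)', url: 'https://example.invalid/advisory/2' }],
      range: '<1.0.5', fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 2, critical: 0, total: 3 } },
});

// Returns { pass, findings } for every package at or above minSeverity.
function evaluateAudit(reportJson, minSeverity = 'high') {
  const threshold = SEVERITY_ORDER.indexOf(minSeverity);
  if (threshold < 0) throw new Error(`unknown severity: ${minSeverity}`);
  const report = JSON.parse(reportJson);
  if (report.auditReportVersion !== 2) throw new Error('unsupported audit report version');
  const findings = Object.values(report.vulnerabilities || {})
    .filter((v) => SEVERITY_ORDER.indexOf(v.severity) >= threshold)
    .map((v) => ({
      name: v.name, severity: v.severity, direct: Boolean(v.isDirect),
      // `via` holds advisory objects when the package itself is vulnerable,
      // and plain package names when the issue is inherited from a dependency.
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.url),
      inheritedFrom: v.via.filter((x) => typeof x === 'string'),
      // fixAvailable is false, true, or an object describing the required upgrade.
      fix: v.fixAvailable === false ? 'none'
        : v.fixAvailable.isSemVerMajor ? 'breaking-upgrade' : 'upgrade',
    }));
  return { pass: findings.length === 0, findings };
}

// A CI step would exit non-zero when `pass` is false; here we only print the result.
console.log(JSON.stringify(evaluateAudit(SAMPLE_REPORT), null, 2));
```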

But maybe your project must be certifiable against a specific standard that mandates a strict set of vulnerability databases to test against. Odds are NVD is included. It’s the National Vulnerability Database of NIST (National Institute of Standards and Technology), sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. And if you need a tool that connects with NVD while maintaining its own database and is also quite popular, you should try Snyk.